N  EXECUTIVES 


Cinergy  Corp.  CIO 
BENNETT  GAINES 

needed  to  outsource 
one  job:  the  construction 
of  an  enterprisewide 
data  warehouse. 


PRESIDENTIAL  ADVISER  ED  LAZOWSKA  ON  THE  LOOMING  SECURITY  CRISIS 


m  b)  Vi  f  Ctrl 

In 

aftBHSWSHilSIjffS 

imageRUNNER  5570 


Sara  knew  her  company  needed  something  more  than  a  mere  copier. 
So  they  chose  the  new  Canon  imageRUNNER  6570  that  does  it  all. 
That’s  why  Sara’s  company  needs  Sara. 


Sara’s  company  isn’t  doing  business  as  usual.  What  about  your  company?  Some  say  all  you  need  is  a  mere  copier; 
we  disagree.  With  the  revolutionary  new  Canon  imageRUNNER®  70  Series,  you’ll  receive  state-of-the-art  technology  with  reliable 
high-speed  scanning,  copying,  printing,  fax  capabilities,  even  Internet  access.  Alt  of  our  products  have  proven  new  engines,  not  to 
mention  robust  software  offerings  such  as  Express  Copy,  Universal  Send™  and  eCopy  ShareScan  OP,™  which  provide  users  with  the 
ability  to  scan  and  share  documents  with  any  destination.  Thanks  to  Canon’s  MEAP®  technology,  their  functions  can  be  tailored 
for  your  specific  business  needs.  And  with  their  advanced  security  features,  your  documents  and  user  information  are  protected, 
giving  you  some  well-deserved  peace  of  mind.  Now  you  can  truly  expand  the  potential  of  your  workday. 

And  that’s  not  business  as  usual.  1-8QO-OK-CANON  www.imagerunner.com 


Canon 


Canon.  IMAGERUNNER  and  MEAP  are  registered  trademarks  ot  Canon  Inc.,  in  the  United  States  and  may  also  be  registered  trademarks  in  other  countries.  IMAGEANYWARE  Is  a  trademark  of  Canon  U.S.A Inc 
Universal  Send  is  a  trademark  of  Canon  Inc.  in  the  United  Slates  and  may  also  be  a  trademark  in  other  countries.  eCopy  ShareScan  is  a  trademark  of  eCopy.  Inc.  02005  Canon  U  S  A..  Inc.  All  rights  reserved 
Products  shown  with  optional  accessories.  Certain  software  sold  separately. 


imageANYWARE 


The  entire  department  heard  Bob  exclaim,  “ Cool !”  as  he  used 
the  Web  browser  on  the  new  image R  UNNER  6570  to  access 
and  print  his  company's  4th  quarter  sales  results. 


imageRUNNER  5570 


Bob’s  company  isn’t  doing  business  as  usual.  What  about  your  company?  While  “cool”  definitely  applies  to  the  new  Canon 
imageRUNNER®  70  Series,  “groundbreaking”  is  more  apt.  Both  the  imageRUNNER  6570  and  imageRUNNER  5570  have  the  industry’s  first  embedded 
Web  access  function  -  in  other  words,  a  full-size  user  interface  panel  that  actually  lets  you  call  up  Internet  or  intranet  data  without  the  use 
of  a  PC,  right  from  the  device.  Once  you’ve  done  that,  you  can  print  the  forms  and  documents  you  need  to  work  more  efficiently  and  productively. 
Of  course,  there  are  a  host  of  other  great  features  that  help  expand  the  potential  of  your  workday.  And  that’s  definitely  not  business  as  usual. 
1-8QO-OK-CANON  www.imagerunner.com 


Canon  and  IMAGERUNNER  are  registered  trademarks  of  Canon  Inc ,  in  the  United  States  and  may  also  be  registered  trademarks  in  other  countries.  IMAGEANVWARE  is  a  trademark  of  Canon  USA.,  Inc.  ©2005  Canon  USA..  Inc. 
All  rights  reserved.  Products  shown  with  optional  accessories. 


Canon 

imageANYWARE 


As  Patti  observed  the  new  Canon  Color-enabled  imageRUNNER, 
her  new  mantra  became ,  “ black-and-white  and  occasional 
color  printing  is  now  affordable.” 


Patti’s  company  isn’t  doing  business  as  usual.  What  about  your  company?  Yes,  thanks  to  the  Canon  Color-enabled 
imageRUNNER®  C3170  Series,  you  can  actually  add  a  few  pages  of  color  to  your  usual  black-and-white  printing  when  you  need 
it  more  affordably  than  before.  The  result  is  eye-catching  documents  and  more  effective  presentations.  This  state-of-the-art 
imageRUNNER  also  works  with  our  latest  robust  software  offerings,  including  Express  Copy,  Color  Universal  Send™  and 
eCopy  ShareScan  OP,™  allowing  users  to  scan  and  share  documents  with  any  destination.  All  of  this  while  giving  you 
the  dependability  you  expect  from  the  Canon  imageRUNNER  line  with  the  latest  technology  available.  It’s  yet  another 
example  of  expanding  the  potential  of  your  workday.  And  no  longer  doing  business  as  usual. 

1-800-OK-CANON  www.imagerunner.com  '{jL,  ■  1  j 


Canon  and  IMAGERUNNER  are  registered  trademarks  of  Canon  Inc.,  in  the  United  States  and  may  also  be  registered  trademarks  in  other  countries  IMAGE ANYWARE  is  a  trademark  of  Canon  U  S.A  ,  Inc.  Universal 
Send  is  a  trademark  of  Canon  Inc.  eCopy  ShareScan  is  a  trademark  of  eCopy,  Inc.  ©2005  Canon  USA  ,  Inc.  All  rights  reserved  Products  shown  with  optional  accessories  Certain  software  sold  separately 


image  ANYWARE 


The  new  Canon  imageRUNNER  solutions  and  support  addressed 
Don's  concerns  about  seamless  network  integration,  secured  printing 
and  managing  network  devices.  Hence,  Don's  no  longer  concerned. 


Don’s  company  isn’t  doing  business  as  usual.  What  about  your  company?  We’re  well  aware  of  your  daily  challenges  as  the 

gatekeeper  of  your  company’s  network.  And  we  totally  understand.  That’s  why  Canon’s  imageRUNNER®  solutions  are  raising  the 
bar  for  how  well  network  devices  work  and  how  seamlessly  they’re  integrated.  You’ll  appreciate  enhanced  security  features  that 
include  a  secured  print  function  for  document  confidentiality,  user  authentication,  NetSpot®  and  Remote  Ul™  for  easily  managing 
network  devices.  In  addition,  you  get  entirety  new  systems  across  our  full  line  of  imageRUNNER  solutions,  which  offer  intuitive 
technology  that  works  with  you,  not  against  you.  You  can  also  expect  your  current  investment  to  be  leveraged,  your  concerns  to  be 
addressed  and  the  potential  of  your  workday  to  be  expanded.  Which  means  no  more  business  as  usual.  - 

1-8QO-OK-CANON  www.imagerunner.com 


on,  IMAGERUNNER  and  NetSpot  are  registered  trademarks  ol  Canon  Inc.,  in  the  United  States  and  may  also  be  registered  trademarks  in  other  countries  IMAGEANYWARE  and  Remote  Ul  are  trademarks  ol  Canon  US  A .  Inc 
305  Canon  USA.  Inc.  All  rights  reserved  Products  shown  with  optional  accessories 


imageANYWARE 


You  are  your  output.  So  get  the  printer  that  helps  you  do  more  with  it.  That’s  the  thinking 
behind  Samsung’s  CLP-510N  color  laser,  and  why  we  put  20  years*  of  knowledge  into  every  part 
of  it.  Because  when  your  image  is  on  paper,  it  should  be  as  interesting  as  your  imagination 

www.samsung.com/printer 


©2005  Samsung  Electronics  America,  Inc.  Samsung  is  a  registered  trademark  of  Samsung  Electronics  Co..  Ltd.  Output  simulated.  'Samsung  Electronics  Co..  Ltd. 


Transparency 


Addressing  the  security  requirements  demanded  by 
regulatory  compliance  doesn't  mean  locking  down  your 
business.  With  CA  Identity  and  Access  Management 
software,  you  can  ensure  that  the  right  people  have 
access  to  the  right  information,  systems  and  processes. 
So  that  everyone  has  the  visibility  they  need  when 
they  need  it,  without  compromising  security 
throughout  your  environment.  It's  no  wonder  our 
eTrust™  security  suite  won  seven  honors  at  this  year's 
SC  Magazine  Global  Awards.  Learn  how  integrated 
security  solutions  from  CA  can  give  you  a  clear  view  of 
compliance  at  ca.com/compliance.  Or  call  1-800-225-5224, 
promo  code  1725. 


Simplify 


Automate 


Secure 


Computer  Associates® 


©  2005  Computer  Associates  International,  Inc.  (CA).  All  rights  reserved. 


COVER  PHOTO  BY  STEPHEN  WEBSTER 


Outsourcing 

COVER  STORY  |  SIMPLE  AND  SUCCESSFUL 
OUTSOURCING  |  50 

A  study  by  MIT  and  CIO  finds  that  CIOs  who  out¬ 
source  discrete  processes  that  have  well-defined  busi¬ 
ness  rules  are  almost  always  happy  with  the  outcome. 
Part  one  of  a  three-part  series  on  outsourcing. 

Feature  by  Stephanie  Overby 

OUTSOURCE,  DON’T  ABDICATE  |  36 

Regardless  of  what  business  processes  you  move  outside  your  corporate 
borders,  you  can’t  lose  sight  of  your  ultimate  responsibility  for  ethics  and 
the  end  result.  Column  by  Ben  Gomes-Casseres 

SOFTWARE  OUTSOURCING  |  CIO.COM 

One  global  CIO  calls  it  “collaborative  development,”  and  shares  software 
outsourcing  advice  and  trendwatching  with  guest  columnist  Gunjan  Bagla. 


tent 


OCTOBER/l/2005  I  VOL/19  I  NO/1 


Business  Analytics 

ANALYZE  THIS  |  40 

More  and  more  companies  are  using 
analytics  to  drive  their  decision-making 
processes.  But  there’s  a  right  and  a  wrong 

way  to  do  it.  Column  by  Tom  Davenport 

CRM 

HOW  TO  DO  CUSTOMER 
SEGMENTATION  RIGHT  |  72 

RBC  Royal  Bank  is  one  of  the  few  companies 
that  actually  gets  it.  Here’s  how  the  bank  has 
grown  its  market  share  by  courting  specific 
customer  segments,  such  as  retired  snow¬ 
birds  and  future  doctors. 

Feature  by  Alice  Dragoon 

1T-Business  Alignment 

THE  BUSINESS  OF  I.T.  IS  BUSINESS  |  32 

Six  keys  to  lasting  alignment  with  your 
business  partners. 

Column  by  Susan  Cramm 

Leadership  and 
Management 

THE  RULES  OF  I.T.  |  86 

There  are  rules  for  school,  dating,  taxes— 
and  now  IT.  Three  CIOs  have  created  rules 
for  their  staffs  to  follow. 

Feature  by  Thomas  Wailgum 


more  » 


www.cio.com  |  OCTOBER  1,  20C5 


Document  Products  and  Services 


For  higher  levels  of  data  accountability,  compliance,  and  security,  Kodak  gives  you  extreme  performance  for  smooth  sailing.  Trust  the 
world’s  imaging  leader  to  capture,  manage,  archive  and  deliver  your  critical  business  information  exactly  the  way  you  need  it.  Only  Kodak 
offers  you  the  broadest  array  of  scanners  and  reference  archive  equipment  on  the  market.  And  we  give  you  highly  trained  professionals 
who  support  over  1,000  models  from  over  100  manufacturers  including  tape  and  optical  libraries  and  drives,  NAS/SAN,  document 
scanners  and  micrographics  equipment.  For  document  products  and  services  with  no  limits  on  performance,  team  with  Kodak  and  get 
the  wind  at  your  back. 

For  more  information  visit  www.kodak.com/go/docimaging  or  call  1-800-944-6171. 


Kodc 


;y 


u  vk 


©  Kodak,  2005.  Kodak  is  a  trademark  of  Kodak. 


We're  here  for  you. 

Kodak  Service  &  Support 


content 


'  J-V 


DEPARTMENTS 


Trendlines  |  23 

Law  |  Doing  Justice  to  Technology 

Mobile  Technology  Bluetooth’s  Ghost 

Outsourcing  |  Into  Africa 

Resources  Top  Five  Ways  to  Waste  Your  IT 
Staff’s  Time 

Health  Care  |  England’s  New  Patient  Record 
System  Ailing 

On  the  Move  A  Strong  Job  Market  for  CIOs 

Self-Service  Of  Course  I  Want  Fries  with  That 

Management  Report  |  Invest  for  Better 
Performance 

Technology  |  Vendors  You  Like 
Wireless  Connected  at  the  Track 

Forum  !  102 

Business  Continuity  j  The  CIO  Executive  Council 
shares  ideas  and  insights  on  business  continuity. 

From  the  Managing  Editor  |  12 

Who  Owns  Security?  |  With  a  security  crisis 
looming,  it’s  time  for  someone  to  step  up. 

By  David  Rosenbaum 

From  the  Publisher  |  108 

The  Paper  Chase  !  CIOs  need  to  include  skyrock¬ 
eting  paper  and  printing  costs  in  their  IT  asset 
management  plans.  By  Gary  Beach 

Inbox  |  20 


Index  |  no 


Provisioning 

WHEN  THE  BITS  BITE  THE  DUST  |  65 

Asset  disposition.  Reverse  logistics.  Whatever  you  call  it,  getting  rid 
of  your  old  computers  is  more  complicated  than  you  might  think. 

Feature  by  Scott  Berinato 

Security 

THE  SKY  REALLY  IS  FALLING  |  80 

Ed  Lazowska,  cochairman  of  the  President’s  Information  Technology 
Advisory  Committee,  says  that  there  is  a  looming  security  crisis,  and 
the  government,  vendors  and  CIOs  aren’t  doing  enough  to  stop  it. 

Interview  by  Ben  Worthen 


8  OCTOBER  1,  2005  |  www.cio.com 


Executive  Summaries  |  112 
Wh(fi)t's  Hot  Online 

SERVICE-ORIENTED  ARCHITECTURE  seems  to 
be  popping  out  behind  every  corner.  Have  you  got 
it  down?  To  make  yourself  an  expert,  check  out 
our  special  report  on  SOA,  including  a  narrated 
slideshow.  Go  to  www.cio.com/specialreports. 


Aligning  it  with  customer  demand. 


Delivering  more  than  customers  expect. 


Delighting  them,  every  day. 


Winning  them  over  one  by  one. 


Increasing  shareholder  value. 


Striking  fear  in  the  heart  of  your  competitors. 


Looking  over  their  heads  into  the  future. 


It’s  as  close  to  a  crystal  ball  as  you  can  get. 


THAT’S  BUSINESS  TRANSFORMATION,  YOUR  WAY. 


It's  what  you  demand. 


SATYAM  DELIVERS. 


Satyam 

What  Business  Demands. 


One  Gatehall  Drive  Parsippany,  NJ  07054  1-800-450-7605  www.satyam.com  US@satyam.com 

Americas  /  Europe  /  Asia-Pacific  /  Middle  East  /  Africa 


**  ******’■»«*  ~ 

•■  ■  !  *  *  I  .  4  :  J  :  ' 

••••••• 

m  ■»  «*  «  »  »  * 


□  IS  IT  INTEGRATED  OUT  OF  TH 


□  CAN  WE 

□  CAN  OUR  PEOPL3M/ 


Bred  trademarks  or  trademarks  of 
lemarks  of  their  respective  owners. 


©  2005  Microsoft  Corporation.  All  rights  reserved.  Microsoft,  the  Windows  logo,  Windows  Server,  and  Windows  Server  S 
Microsoft  Corporation  in  the  United  States  and/or  other  countries.  The  names  of  actual  companies  and  products  mentioned 


\  / 

k. . 

f  Cl 

vfc,  K 

■  w 

jf  1 

Microsoft 


eTget  the  facts. 

RADIOSHACK  COMPARED  TCO  AND  FOUND  WINDOWS  SERVER  SYSTEM 
WILL  SAVE  THEM  MILLIONS. 


"In  upgrading  our  aging  UNIX-based  servers,  we  considered  both  Windows  Server™  and 
Linux.  Windows  Server  System™  offered  several  advantages,  including  the  ability  to  consolidate 
our  in-store  servers  by  50%  from  10,200  to  5,100 — and  a  savings  of  several  million  dollars 
in  hardware,  software,  systems  management,  and  support  costs." 

-Ron  Cook,  Vice  President  and  Chief  Technology  Officer,  RadioShack 


RadioShack 


For  these  and  other  third-party  findings,  go  to  microsoft.com/getthefacts 


Windows 
Server  System 


FROM  THE  EDITOR 


Who  Owns 
Security? 

Will  someone  step  up 
and  claim  responsibility? 
Anyone?  Please? 


: 


Ownership,  all  the  business  books  agree,  is  a  beautiful  thing.  Our  president  is  a  pro¬ 
ponent  of  what  he  calls  the  “ownership  society.”  Many  of  our  nation’s  founding  fathers 
believed  that  votes  should  be  weighted  according  to  how  much  land  a  man  owned.  A 
leader  will  encourage  a  sense  of  ownership  among  the  troops.  A  skilled  CIO  will  make  sure 
the  business  feels  ownership  of  IT  projects. 

But  if  ownership  is  such  a  critical  factor  in  the  success  of  any  endeavor,  be  it  a  project,  a 
business  or  a  whole  society,  it’s  only  fair  to  ask,  as  Harvard  professor  and  author  Jonathan 
Zittrain  did  at  last  summer’s  CIO  100  symposium,  who  owns  security?  Specifically,  who 
owns  security  on  the  Internet? 


The  question  of  who  owns 
Internet  security  is  a  critical 
one,  but  up  to  now  it's  been 
distinguished  only  by  the 
widespread  refusal  of  anyone 
to  answer  it. 


Do  CIOs  own  it?  Well,  they’re  pretty 
busy.  Do  CSOs  own  it?  Perhaps,  but  only 
within  the  narrow  confines  of  the  enter¬ 
prise,  inside  the  firewall,  and  among  a 
defined  set  of  partners  and  customers 
with  which  their  companies  do  business. 

Do  the  ISPs  own  it?  Ask  them  and  they’ll 

say  it  ain’t  their  job.  Does  Aunt  Mary  searching  on  eBay  for  that  missing  piece  of  Granny’s 
silver  service  own  it?  Well,  with  all  the  emphasis  on  what  consumers  can  do  to  protect  them¬ 
selves  from  identify  theft,  phishing  and  worms  and  viruses,  you  might  think  so.  But  you 
know  Aunt  Mary.  She  always  uses  the  same  password  (her  daughter’s  nickname),  and 
she  clicks  on  every  piece  of  e-mail  she  receives  and  opens  every  attachment.  So  putting  our 
Internet  security  eggs  in  Auntie’s  homespun  basket  doesn’t  seem  like  such  a  hot  idea. 

The  question  of  who  owns  Internet  security  is  a  critical  one,  but  up  to  now  it’s  been  distin¬ 
guished  only  by  the  widespread  refusal  of  anyone  to  answer  it.  But  in  “The  Sky  Really  Is  Falling” 
(Page  80),  Senior  Writer  Ben  Worthen  interviews  the  cochairman  of  the  President’s  Informa¬ 
tion  Technology  Advisory  Committee,  Ed  Lazowska,  who  says  that  cybersecurity— or  the  lack 
thereof— represents  a  failure  by  the  federal  government.  If  so,  doesn’t  that  mean  that  the  federal 
government  owns  Internet  security?  I  mean,  you  can’t  fail  at  something  unless  it’s  yours. 

Lazowska  may  be  an  adviser  to  President  Bush,  but  he’s  not  happy  with  the  adminis¬ 
tration’s  performance.  “This  administration  does  not  value  science.. .as  much  as  it  should— 
as  much  as  the  future  health  of  this  nation  requires,”  he  says. 

And  CIOs  don’t  get  off  easily  either.  “CIOs  are  partially  responsible  for  the  insecure  state 
of  today’s  operating  systems,”  Lazowska  says,  “because  they  failed  to  see  the  handwriting 
on  the  wall  and  prioritize  security.” 

Is  Lazowska’s  a  voice  in  the  wilderness?  Maybe  not.  As  intellectual  property— music, 
movies,  pod  casts  and  the  rest— continues  to  migrate  to  the  Internet  souk,  as  VoIP  matures 
and  emerges,  and  as  every  other  besuited  executive  uses  his  BlackBerry  or  Treo  to  chitchat 
with  or  text-message  the  home  office,  security  increasingly  becomes  a  big  money  issue  for 
powerful  commercial  interests.  And  when  big  money  talks,  the  government  tends  to  listen. 
After  all,  who  are  the  powers-that-be  going  to  trust  with  their  money’s  safety? 

Aunt  Mary? 

I  don’t  think  so. 

I 

u 


David  Rosenbaum,  Managing  Editor 

drosenbaum(a)cio.com 


12 


OCTOBER  1 


2  005  |  www.cio.com 


PHOTO  BY  WEBB  CHAPPELL 


Without  Akamai, 
that  a  100%  ' 
bookings  would  have 


Cathay  Pacific 


-Scott  Ohman,  Manager, 

E-Business  Commercial,  Cathay  Pacific  Airways  Hci.| 


Zathay  Pacific  trusts  Akamai  to  deliver  more  online  bookings. 


Akamai  delivers  more  than  content.  We  deliver  improved  performance  of  Cathay  Pacific's  dynamic 
online  applications,  allowing  passengers  and  agents  to  book  travel  and  check-in  for  reservations 
online  with  ease.  We  deliver  hundreds  of  thousands  of  dollars  in  infrastructure  cost-savings,  enabling 
Cathay  Pacific  to  handle  increased  application  usage  without  investing  in  hardware.  Akamai  delivers 
customer  loyalty,  the  ability  to  handle  traffic  spikes,  and  the  flexibility  for  future  growth. 


To  learn  more  visit  www.akamai.com/WebApplications 
to  see  a  Webcast:  Accelerating  Dynamic  Web  Applications 
Featuring  Forrester  Research  Analyst  Thomas  Mendel 

FORRESTER 


©2005  Akamai  Technologies,  Inc.  All  Rights  Reserved.  Akamai  and  the  Akamai  logo  are  registered  trademarks. 


For  over  30  years,  Sterling  Commerce  has  led  the  industry  in  helping  successful  organizations  work  more 
effectively  with  suppliers,  subsidiaries  and  customers.  Now,  with  the  first  platform  to  meet  all  the  challenges 
of  real-world  multi-enterprise  collaboration,  Sterling  Commerce  can  help  your  organization  become  seamlessly 
integrated  with  trusted  business  partners.  You'll  achieve  end-to-end  visibility,  and  real-time  control  over  shared 

BUSINESS  APPLICATIONS  /  BUSINESS  INTEGRATION  /  BUSINESS  INT 


©2005  Sterling  Commerce,  Inc.  ALL  RIGHTS  RESERVED.  Sterling  Commerce  and  the  Sterling  Commerce  logo  are  trademarks  of  Sterling  Commerce,  Inc.  Sterling  Commerce  is  an  SBC  Communications  Inc.  company. 


Sterling  Commerce  leads  the  world  in  helping 
businesses  collaborate  with  their  partners. 


Of  course,  we've  had  a  30  year  head  start. 


business  processes,  so  you  can  make  faster,  better-informed  decisions  to  help  cut  costs  and  accelerate  time 
to  market.  Leading  analysts  uniformly  praise  our  technology  and  implementations.  And,  most  importantly, 
a  majority  of  the  world's  leading  companies  depend  on  us.  That's  a  tough  act  to  follow.  Contact  your 
Sterling  Commerce  representative  today.  Or  visit  us  at  www.sterlingcommerce.com 

GENCE  /  BUSINESS  PROCESS  MANAGEMENT  /  SOLUTION  DELIVERY 


sterling  commerce 


[EH 

THE  RESOURCE  FOR  INFORMATION  EXECUTIVES 


president  and  ceo  Michael  Friedenberg 

editorial  director  Lew  McCreary 
publisher  Gary  J.  Beach 

EDITORIAL 

editor  in  chief  Abbie  Lundberg 
managing  editor  David  Rosenbaum 

MANAGING  EDITOR,  PRODUCTION 

Cheryl  R.  Asselin 

EXECUTIVE  EDITORS 

Alison  Bass,  Christopher  Koch, 
Edward  Prewitt 

WASHINGTON  BUREAU  CHIEF 

Allan  Flolmes 

TECHNOLOGY  EDITOR 

Christopher  Lindquist 

SENIOR  EDITORS 

Scott  Berinato, 

Stephanie  Overby,  Elana  Varon 

SENIOR  WRITERS 

Meridith  Levinson, 

Susannah  Patton,  Ben  Worthen 

STAFF  WRITER 

Thomas  Wailgum 

CONTRIBUTORS 

Mindy  Blodgett,  Susan  Cramm, 

Tom  Davenport,  Alice  Dragoon, 

Ben  Gomes-Casseres,  Grant  Gross, 
Cassidy  Healzer,  Robert  McMillan, 
Elizabeth  Montalbano,  James  Niccolai 

DESIGN 

EXECUTIVE  DIRECTOR,  ART  AND  DESIGN 

Mary  Lester 

art  director  Terri  Plaas 

ASSOCIATE  ART  DIRECTORS 

Owen  Edwards,  Matthew  Goebel 

COPY  TEAM 

copy  chief  Emily  S.  Henderson 

senior  copy  editor  Diann  Daniel 
copyeditor  Cathy Mallen 

EDITORIAL  ASSISTANTS 

Margaret  Locher,  Al  Sacco 

EDITORIAL  INTERN 

Christopher  Lynch 


WHAT  WE  COVER, 

INDUSTRY 

Automotive 

Edward  Prewitt,  eprewitt@cio.com 

Financial  Services 

Elana  Varon,  evaron@cio.com 

Health  Care 

Alison  Bass,  abass@cio.com 

Manufacturing,  Business-to-Business 

Christopher  Koch,  ckoch@cio.com 

Manufacturing,  Business-to-Consumer 

Susannah  Patton,  spatton@cio.com 

Public  Sector 

Allan  Holmes,  aholmes@cio.com 

Retail 

Meridith  Levinson,  mlevinson@cio.com 

Transportation 

Stephanie  Overby,  soverby@cio.com 


WHOM  TO  CONTACT 

Enterprise  Resource  Planning  (ERP) 

Ben  Worthen.  bworthen@cio.com 

Integration 

Christopher  Koch,  ckoch@cio.com 

Leadership  and  Management 

Edward  Prewitt,  eprewitt@cio.com 

Legislation  and  Regulation 

Allan  Holmes,  aholmes@cio.com 
Ben  Worthen,  bworthen@cio.com 

Outsourcing 

Stephanie  Overby,  soverby@cio.com 

Public  Sector  (Government  IT) 

Allan  Holmes,  aholmes@cio.com 

Risk  Management 

Allan  Holmes,  aholmes@cio.com 

Security/Privacy 

Scott  Berinato,  sberinato@cio.com 
Allan  Holmes,  aholmes@cio.com 


BUSINESS  & 

TECHNOLOGY 

Architecture 

Christopher  Koch,  ckoch@cio.com 

Customer  Relationship  Management  (CRM) 

Alison  Bass,  abass@cio.com 

E-Commerce,  Business-to-Business 

Christopher  Koch,  ckoch@cio.com 

E-Commerce,  Business-to-Consumer 

Meridith  Levinson,  mlevinson@cio.com 

Emerging  Technology 

Christopher  Lindquist,  clindquist@cio.com 


Staffing 

Stephanie  Overby,  soverby@cio.com 

Supply  Chain  Management 

Ben  Worthen,  bworthen@cio.com 

Vendor  Management 

Scott  Berinato,  sberinato@cio.com 
Susannah  Patton,  spatton@cio.com 

Web  Services 

Christopher  Lindquist,  clindquist@cio.com 
Elana  Varon,  evaron@cio.com 

Workforce  Connectivity 

(Wireless,  Collaboration  Technologies) 

Thomas  Wailgum,  twailgum@cio.com 


j 


COLUMN  &  DEPARTMENT  CONTACTS 


Book  Reviews 

Elana  Varon,  evaron@cio.com 


Keynote 

Alison  Bass,  abass@cio.com 


RESEARCH  &  PROJECTS 

research  editor  Lorraine  Cosgrove  Ware 

associate  research  analyst  Julie  Hanson 

ONLINE  EDITORIAL 

web  editorial  director  Art  Jahnke 

WEB  EXECUTIVE  EDITOR  AND  PRODUCER 

Janice  Brand 

web  editor  Sandy  Kendall 
web  writer  Paul  Kerstein 


INTERNATIONAL  DATA  GROUP 

ceo  Pat  Kenealy 

BOARD  CHAIRMAN  Patrick  J.  McGovern 

president,  idg  communicatons  Bob  Carrigan 

C  BPA 

©CXO  Media  Inc. 


By  the  Numbers 

Lorraine  Cosgrove  Ware,  lcosgrove@cio.com 

Essential  Technology 

Christopher  Lindquist,  ciindquist@cio.com 

Executive  Coach 

Edward  Prewitt,  eprewitt@cio.com 

Forum 

Cheryl  Asselin,  casselin@cio.com 

From  the  Editor 

Abbie  Lundberg,  iundberg@cio.com 

From  the  Publisher 

Gary  Beach,  gbeach@cio.com 

InBox 

Cheryl  Asselin,  casselin@cio.com 


Michael  Schrage 

Alison  Bass,  abass@cio.com 

On  the  Move 

Meridith  Levinson,  mlevinson@cio.com 

Peer  to  Peer 

Alison  Bass,  abass@cio.com 

Total  Leadership 

Elana  Varon,  evaron@cio.com 

Trendlines 

Elana  Varon,  evaron@cio.com 

Washington  Watch 

Allan  Holmes,  aholmes@cio.com 
Ben  Worthen,  bworthen@cio.com 


e-mail  tetters@cio.com  phone  508  872-0080  fax  508  879-7784  address  CIO  Magazine,  CXO  Media  Inc., 
492  Old  Connecticut  Path,  P.O.  Box  9208,  Framingham,  MA  01701-9208  website  www.cio.com 
subscriber  services  866  354-1125  •  Fax  847  564-9453  •  E-mail  cio@omeda.com 
reprint  services  Jesse  Levy  •  PARS  International  •  212  221-9595  xl23  •  E-mail  jesse@parsintl.com 
rights  and  permission  Yadira  Pizarro  •  212  221-9595  Ext,  231  •  E-mail  yadira@parsintt.com 


1  6 


OCTOBER  1,  2005  |  www.cio.com 


“Guardian  uses 
Primavera 
to  run  IT 
like  a  business.” 

—  Dennis  S.  Callahan,  EVP  and  CIO 

The  Guardian  Life  Insurance  Company  of  America 

“Since  2000,  we’ve  cut  our  IT  budget  30% 
while  increasing  the  level  of  service  to  our 
business  units. 

Guardian’s  IT  operations  are  business-driven,  not 
technology-driven.  Our  business  units  define  their 
business  needs,  and  those  needs  drive  IT  investment 
strategies  and  plans.  With  Primavera’s  solution  for 
project,  resource  and  portfolio  management,  we  can 
judge  every  request  and  project  in  progress  against 
how  it  meets  predefined  business  requirements. 

We  don’t  waste  money  on  projects  that  don’t  give 
us  the  best  business  return  on  investment. 

Now,  our  business  units  and  IT  have  the  same 
objectives,  the  same  agenda,  the  same  priorities. 
Primavera’s  software  solution  plays  a  major  role 
in  making  that  happen.” 

PRIMAVERA 


: 


View  the  Guardian  video 
and  learn  more  about  other 
Primavera  customer  success  stories 
at  www.primavera.com/guardian. 


t 

.  t  ■  • 


il  v 


With  Sybase®  software,  Hyundai  Department  Stores  created 
a  point-of-sale  solution  that  eliminates  cash  registers  and: 


s'  Processes  credit-card  transactions  from  anywhere  in  the  store, 

improving  customer  shopping  experiences  and  purchase  totals 

2  Reduces  total  point-of-sale  hardware  costs  by  40%,  allowing  IT 
budgets  to  be  used  for  other  priorities 


□"  Greatly  improves  sales  tracking  across  the  13-store  network, 

enabling  management  to  efficiently  staff  personnel  as  needed 


Want  to  see  the  future  of  retail?  Where  customers  receive  personalized  shopping  experiences.  And  in  return,  show  their  loyalty  through 
more  return  visits  and  higher  purchase  totals.  It's  happening  now  at  Hyundai  Department  Stores  in  South  Korea.  Thanks  to  Sybase  Adaptive 
Server®  Anywhere  and  SQL  Anywhere®  software,  this  13-store  chain  has  an  information  edge  that  enables  salespeople  to  better  assist 
customers,  check  inventories  and  capture  signatures  on  the  spot.  It's  changed  the  way  customers  view  Hyundai.  And  it’s  causing  many 
companies  to  view  Sybase  software  as  something  they  can't  live  without,  www.sybase.com/infoedge3 


Copyright  ©2005  Sybase,  Inc.  All  rights  reserved.  Sybase,  the  Sybase  logo,  Adaptive  Server  and  SQL  Anywhere  are  trademarks  of  Sybase,  Inc.  •  indicates  registration  in  the 
United  States  of  America.  All  product  and  company  names  are  trademarks  of  their  respective  owners. 


Sybase 


READER  FEEDBACK 


InBox 


Business  Should  Own 
the  Implementation 

I  am  writing  in  regard  to  “IT’s  Hardest 
Puzzle”  [July  15].  During  my  tenure  in  the 
IT  organization  of  a  large,  global  electron¬ 
ics  manufacturer,  I  managed  multiple 
SAP  projects  across  several  countries.  We 
prided  ourselves  on  fast-paced,  concurrent 
implementations. 

A  typical  implementation  entailed 
taking  a  piece  of  the  business,  mapping 
its  processes  to  a  global  template,  mini¬ 
mally  adding  or  changing  functionality 
to  address  new  requirements,  and  going 
through  iterative  rounds  of  integrated 
tests  and  data  loads. 

Each  iteration  included  core  technology 
teams,  regional  support  teams  and  business 
unit  teams  working  together.  Business  sign- 
off  was  inherent  as  a  good  number  of  busi¬ 
ness  folks  were  made  an  integral  part  of  the 
project  up  front.  The  result  was  a  powerful 
team  with  the  authority  to  make  sweeping 
changes  to  processes  in  order  to  meet  busi¬ 
ness  needs  for  the  implementations,  with¬ 
out  compromising  the  global  system  and 
process  integrity. 

SANJIV  GUPTA 

VP,  Customer  Solutions,  Enlighta 
sanjiv@enlighta.com 


Until  Global  Giant's  senior  manage¬ 
ment  commits  to  instituting  a  culture 
change  that  rewards  what  is  being  referred 
to  as  unnatural  levels  of  cooperation  among 
both  groups  and  individuals,  the  company 
will  fail  at  the  vast  majority  of  its  strategic 
initiatives.  The  central  question  is:  Should 
the  CIO  proactively  put  in  place  collabora¬ 
tive  tools  that  promote  unnatural  levels 
of  cooperation  among  diverse  functional 
groups,  or  should  the  CIO  wait  for  the 
CEO,  COO  and  CFO  to  act? 

Any  corporate  initiative  that  requires 
operational  changes  supported  by  new 
enterprise  applications  will  require  the 
CIO  to  do  more  than  correctly  install  the 
underlying  technologies.  To  think  other¬ 
wise  is  naive— even  in  a  CRM  installation 
where  the  vice  president  of  sales  is  the 
executive  sponsor.  In  the  past,  industry 
gurus  have  recommended  the  CIO  make 
decisions  as  he  or  she  believes  the  CEO 
would  make  them.  But  in  today’s  complex 
business  environment,  even  the  CEO  is 
highly  challenged  to  make  correct  opera¬ 
tional  and  tactical  decisions. 

The  lesson  the  CIO  should  have  learned 
from  both  the  ERP  and  CRM  efforts  is 
that  without  a  means  to  identify,  escalate, 
document  and  openly  resolve  conflicts, 
any  major  change  initiative  will  fail.  The 
CIO  now  has  the  opportunity  to  use  next- 
generation  collaborative  technologies  to 
solve  this  critical  problem.  These  new 
technologies  assure  management  involve¬ 
ment  and  timely  team  member  participa¬ 
tion  and  sign-off— the  keys  to  success. 

JOHN  LOGAN 

President,  Obian 
jlogan@obian.com 

New  Mind-Set  for 
Knowledge  Workers 

In  "Bricklayers  or  Architects?" 

[Aug.  1],  Gary  Beach  asks  what  we  can 


do  to  make  a  difference  in  the  U.S.  educa¬ 
tion  crisis. 

First,  we  must  change  the  mind-set 
of  the  individual  knowledge  worker. 
Whether  you  are  moving  from  company 
to  company  or  project  to  project,  you 
should  have  a  skill  portfolio  that  can  be 
transferred  easily.  Job  erosion,  evolving 
business  models  and  technology  change 
are  here  to  stay,  and  the  long-range  risks 
and  costs  of  comfortable  inaction  are 
deadly  to  your  career. 

Also,  we  must  address  the  develop¬ 
ment  of  skills  for  our  youth.  In  the  days 
of  old,  careers  and  skills  could  be  devel¬ 
oped  over  a  long  period  of  time  with 
apprentice-type  programs.  Our  current 
environment  does  not  provide  the  time 
to  build  anything  beyond  basic  skills. 
More  importantly,  organizations  don’t 
care  what  I  did  five,  10  or  15  years  ago. 
This  myopic  view,  and  the  continuous 
evolution  of  the  technology  environment, 
requires  adaptability,  not  conformity. 

Finally,  we  must  raise  the  standard  by 
which  we  measure  ourselves.  I  am  always 
amazed  when  so  many  parents  say  they 
have  gifted  kids.  They  can’t  all  be  gifted, 
and  the  only  area  in  which  our  children 
are  leading  the  world  is  in  thinking  that 
they  are. 

It’s  not  only  the  teacher’s  support  but 
also  the  environment  and  community 
support  that  needs  to  be  addressed. 

R.  TODD  STEPHENS,  PH.D. 

Technical  Director 
BellSouth  Corp. 
todd.stephens@bellsouth.com 


What  Do  You  Think? 


Send  your  thoughts  and  feedback  to 
letters@cio.com.  Letters  may  be  edited  for 
length  or  clarity.  For  a  link  to  the  articles 
mentioned,  go  to  www.cio.com/100105 

cio.com 


20 


OCTOBER  1,  2005  |  www.cio.com 


INTRODUCING  POSTINI  INTEGRATED  MESSAGE  MANAGEMENT 


The  corporate  messaging  landscape  is  changing.  New  threats  from  Instant  Messaging,  new 
requirements  for  message  archiving  and  compliance,  more  diverse  user  needs — all  demand  better 
solutions  for  securing  your  electronic  communications.  Introducing  Postini  Integrated  Message 
Management.  One  comprehensive,  flexible,  trusted  managed  service  that  protects  your  messages 
without  burdening  your  IT  infrastructure. 


TO  LEARN  MORE,  DOWNLOAD  A  FREE  WHITE  PAPER,  “SECURING  YOUR  ELECTRONIC  COMMUNICATIONS  WITH 
INTEGRATED  MESSAGE  MANAGEMENT,"  ATWWW.POSTINI.COM/CI,  OR  CALL  US  AT  888.584.3150. 


postini 


' 'tfM 


■  ■ 


.  -  - 


INTEGRATED  MESSAGE  MANAGEMENT 


SECURITY  •  COMPLIANCE  •  AVAILABILITY  •  VISIBILITY 


©  Copyright  2005.  Postini  and  the  Postini  logo  are  registered  trademarks  of  Postini,  Inc.  All  other  trademarks  listed  in  this  document  are  the  property  of  their  respective  owners. 


INCREASING  THE  VALUE  OF 
TECHNOLOGY  INVESTMENTS 


what  will  SAS  software  mean  for  you1 


SAS'  software  delivers  one  powerful  business  intelligence  and  analytics  platform  for  gaining  greater 
return  on  intelligence  —  in  less  time.  For  nearly  30  years,  SAS  has  been  helping  companies  gain  answers 
to  their  most  pressing  business  questions  and  address  their  most:  challenging  issues... taking  them 
Beyond  BIT  Find  out  why  94%  of  the  FORTUNE  Global  500  rely  on  SAS  to  increase  profits,  reduce  costs, 
manage  risk  and  optimize  performance. 


www.sas.com/value 


SAS  and  all  other  SAS  Institute  Inc.  product  or  service  names  are  registered  trademarks  or  trademarks  of  SAS  Institute  Inc.  in  the  USA  and  other  countries.  ®  indicates  USA  registration.  Other  brand  and  product  names  are  trademarks  of  their  respective  companies. «  1 2005  SAS  Institute  Inc.  All  rights  reserved.  323809US.0305 


PHOTO  BY  CHIP  SOMODEVILLA/GETTY  IMAGES  NEWS;  ILLUSTRATION  BY  CLAY  SISK 


trendlines 

EDITED  BY  ELANA  VARON  NEW  *  HOT  *  UNEXPECTED 


John  Roberts  was 

nominated  to  replace  Chief 
Justice  William  Rehnquist, 
who  died  last  month. 


Doing  Justice  to 
Technology 

In  IT  cases,  Roberts  gets  technical  details  right 

law  John  Roberts  gets  IT. 

So  say  lawyers  who  have  worked  with  or  argued  cases  before  Roberts,  President 
Bush’s  choice  to  become  chief  justice  of  the  Supreme  Court  (his  confirmation  hear¬ 
ings  were  in  progress  at  press  time).  Roberts,  who  once  represented  19  states  in 
their  antitrust  lawsuit  against  Microsoft,  is  known  for  his  ability  to  apply  simple 
legal  principles  to  complex  technology  cases. 

Assuming  he  is  confirmed  as  expected,  Roberts  joins  the  Supreme  Court  as  it 
begins  a  new  term  this  month.  His  approach  to  IT-related  cases  should  be  welcome 
to  CIOs— who  can  be  the  victims  of  murky  rulings. 

As  a  judge  with  the  U.S.  Court  of  Appeals,  Roberts  presided  over  a  2003  case 
in  which  the  Recording  Industry  Association  of  America  sought  to  subpoena 
Verizon’s  Internet  subscriber  records  to  track  suspected  music  pirates.  The 
question  in  the  case  was  whether  Verizon  as  an  Continued  on  Page  24 


Bluetooth's  Ghost 


MOBILE  TECHNOLOGY 

If  you  happen  to  heara  disem¬ 
bodied  computer  voice  telling  you 
to  drive  carefully  next  time  you're 
behind  the  wheel,  you’ve  proba¬ 
bly  met  the  Car  Whisperer. 

Car  Whisperer  is  software 
that  can  trick  the  Bluetooth 
systems  installed  in  some  cars 
into  connecting  with  a  Linux 
computer.  It  was  developed 
by  Trifinite. group,  a  nonprofit 
organization  of  European  wire¬ 
less  security  experts,  as  a  way 
of  illustrating  the  security  short¬ 
comings  of  some  Bluetooth  sys¬ 


tems,  says  Martin  Herfurt,  one 
of  Trifinite’s  founders. 

Car  Whisperer  takes  advan¬ 
tage  of  the  fact  that  many  Blue¬ 
tooth  systems  require  only  a 
four-digit  security  key— often  a 
number  such  as  1234  or  0000- 
in  order  to  grant  system  access 
to  mobile  devices  such  as  a 
telephone.  Using  Car  Whisperer 
and  a  directional  antenna  that 
allowed  him  to  extend  the  range 
of  his  Bluetooth  connections  to 
about  a  mile,  Herfurt  was  able  to 
use  his  Linux  laptop  to  listen  in 
on  two  out  of  five  cars  he  was 


able  to  connect  to. 

“If  I  had  been  following 
the  car,  I  would  have  been 
able  to  eavesdrop  for  a  longer 
time,"  he  says. 

Herfurt  says  a  hacker  couldn’t 
do  something  really  serious  such 
as  disable  airbags  or  brakes.  But 
Trifinite  is  studying  whether  an 
attacker  could  do  anything  more 
than  listen  or talktoa  driver 
(access  a  telephone  address 
book,  for  instance). 

The  best  solution  may  be  to 
simply  teach  these  systems 
some  manners.  Herfurt  says  that 


if  the  system  simply  asked  for 
the  driver’s  permission  before 
connecting  with  anything,  the 
Car  Whisperer  would  do  a  lot 
less  whispering. 

-Robert  McMillan 


www.cio.com  |  OCTOBER  1,  2005  2  3 


Into  Africa 


outsourcing  Ghana  isn’t  high 
on  most  CIOs’  lists  of  locations  for 
outsourcing.  Though  the  West  African 
nation  boasts  some  advantages— a 
75  percent  literacy  rate,  English  as  its 
official  language  and  a  stable,  demo¬ 
cratic  government  that  is  developing 
an  IT  policy— there  are  also  many 
obstacles.  For  one  thing,  university  IT 
departments  don’t  teach  the  skills  grad¬ 
uates  most  need  on  the  job,  which 
leaves  training  to  employers. 

The  Trestle  Group  Foundation,  a 
nonprofit  arm  of  the  Trestle  Group 
consultancy,  aims  to  change  that.  The 
foundation’s  mission  is  to  stimulate 
economies  in  underdeveloped  coun¬ 
tries— in  part  by  helping  these  countries 
become  viable  offshore  outsourcing 
destinations.  If  Ghana  and  countries  like 
it  can  develop  their  IT  services  capabili¬ 
ties  sufficiently  to  attract  projects  from 
the  United  States  or  Europe,  then  the 
result  will  include  knowledge  transfer, 
jobs  and  revenue,  says  Dana  B.  Smith, 
executive  director  of  the  Foundation. 

The  organization  has  a  project  in  the 
Philippines,  and  is  considering  pro¬ 
grams  in  India  and  Jordan. 

In  Ghana,  the  Foundation  hopes  to 


help  universities  develop  their  IT 
programs,  reduce  the  cost  of  these 
programs,  as  well  as  set  up  business 
incubators,  says  Juerg  Herren,  a  board 
member.  Herren  recently  returned  from 
a  visit  to  West  Africa  where  he  met 
Daniel  Ashitey,  a  Ghanan  who  went 
home  to  start  an  IT  services  business 
after  12  years  working  as  a  wireless 
engineer,  network  designer  and  consult¬ 
ant  in  the  United  States  and  Canada. 

Ashitey  would  like  the  Foundation  to 
sponsor  lectures  and  conferences  that 
feature  experts  on  IT  best  practices. 

Smith  says  he  would  like  to  engage 
business  executives  from  developed 
countries  as  teachers  or  mentors  for 
Ghanan  IT  professionals  and  young 
businesspeople. 

Of  course,  capabilities  without  clients 
will  do  little  to  help  Ghana’s  young  out¬ 
sourcing  companies.  High  profile 
Ghanans,  like  U.N.  Secretary-General  Kofi 
Annan,  could  be  a  critical  force  in  driving 
IT  work  home,  says  Michael  L.  Best,  an 
assistant  professor  with  the  Sam  Nunn 
School  of  International  Affairs  at  Georgia 
Tech.  "Ghana  needs  to  put  some  effort 
into  its  brand,  just  as  India  did,"  he  says. 

-Stephanie  Overby 

f 


RESOURCES 


Top  5  Ways  to  Waste 
Your  IT  Staff's  Time* 


O 

o 

o 

o 

0 


C*according  to  them) 

Sarbanes-Oxley  compliance 
Deployment  of  unproven  technologies 
Purchase  of  unneeded  technologies 
Supporting  outdated  technologies 
Dealing  with  external  consultants 


Chief  Justice 

Continued  from  Page  23 


ISP  had  to  respond  to  such  subpoenas. 
The  decision  hinged  on  whether  Veri¬ 
zon’s  position  as  a  conduit  for  a  peer- 
to-  peer  network  was  any  different 
from  its  hosting  the  files  itself. 

Andrew  McBride,  a  partner  with 
Wiley  Rein  &  Fielding  who  represented 
Verizon,  says  Roberts  “understood  the 
difference  between  a  peer-to-peer  net¬ 
work  and  [hosting  an]  FTP  site.” 

The  court 
ruled  Verizon 
did  not  have 
to  answer  the 
subpoenas. 
During  oral 
arguments, 
Roberts  made 
the  point  that 
Chief  Justice  nominee  if  someone 

JOHN  ROBERTS  exposes  a  file 

through  a 

peer-to-peer  network,  that  person  is 
not  culpable  for  that  file  being  used 
illegally,  just  as  someone  who  leaves 
the  door  to  a  library  open  is  not  culpa¬ 
ble  for  violating  a  copyright  if  someone 
copies  the  books  inside.  This  line  of 
thinking  became  the  foundation  for 
the  decision. 

Roberts’s  nomination  could  have  an 
impact  on  future  technology-related 
cases  because  of  the  chief  justice’s 
power  to  decide  who  writes  the  opinion 
in  cases  where  he’s  in  the  majority,  says 
Andrew  Bridges,  a  copyright  and  intel¬ 
lectual  property  litigator  with  Winston 
&  Strawn. 

It  remains  to  be  seen,  Bridges  says, 
whether  Roberts  will  be  a  judicial 
activist  in  such  cases  or  whether  he 
will  avoid  legislating  from  the  bench 
and  stepping  on  Congress’s  toes. 

These  philosophies  were  at  odds 
in  the  recent  MGM  v.  Grokster  case, 
in  which  the  high  court  ruled  that  ven¬ 
dors  of  peer-to-peer  software  could  be 
sued  if  they  encouraged  illegal  copying, 
although  the  software  itself 
wasn’t  illegal. 

-Ben  Worthen  and  Grant  Gross 


H 

S 

n 

Z 

a 

r 

M 

z 

n 

cn 


24  OCTOBER  1,  2005  |  www.cio.com 


PHOTO  TOP  COURTESY  OF  U  S.  COURT  OF  APPEALS  FOR  THE  DISTRICT  OF  COLUMBIA  CIRCUIT:  BOTTOM  BY  CORBIS 


SCHRAGE  ON  WHY  REPORTING  TO  THE  CFO  CAN  BE  GOOD  «»»• 


.T.  AND  CIOs ' 


TWt  BtSOURCt  FOR 


OUT 


M  , 

Z»D»TEP»*H.IOV.«'' 

^©jjsjSrSR-  ffl{3  A' 

I  ^^MUogu  OK!' ' 

astray  offshore  »» 


www.cio.com 

This  is  a  domestic  rate  only  (US  and  Canada). 

The  foreign  rate  is  $195.00  prepaid  in  U.S.  currency. 


SUBSCRIBE  TODAY! 

Yes,  please  enter  my  one-year  subscription 
(23  issues)  to  CIO  magazine,  and  bill  me  later 
for  $95.00! 


Name 


Title 


Company  Name 


Address 


City 


State  Zip 


□  Bill  me  □  Bill  my  credit  card  □  MC  □  VISA  □  AMEX 


Account  Number  Expiration  date 


Signature 


CIN05 


NO  POSTAGE 
NECESSARY 
IF  MAILED 
IN  THE 

UNITED  STATES 


BUSINESS  REPLY  MAIL 

FIRST-CLASS  MAIL  PERMIT  NO.  1020  FRAMINGHAM  MA 


POSTAGE  WILL  BE  PAID  BY  ADDRESSEE 


MIK 

ATTN:  CIRCULATION  DEPARTMENT 
PO  BOX  9208 

FRAMINGHAM  MA  01701-9486 


ADVERTISING  SUPPLEMENT 


Companies  find  selective 
outsourcing  key  to  synching  up 
business  strategies  and  IT  operations 


HE  RELATIONSHIP  BETWEEN  THE 
Midwest  manufacturer  and  the  big  outsourcer 
that  was  running  all  the  manufacturer’s  IT  operations  had 
soured.  The  manufacturer’s  expected  cost  savings  never  materi¬ 
alized.  Service  levels  fell  short  of  user  requirements,  particular¬ 
ly  as  business  conditions  changed.  Plus,  the  outsourcer  was 
proving  inflexible  and  reluctant  to  make  changes  to  the  original 
contract  in  response  to  rapidly  shifting  business  conditions. 

Moreover,  the  manufacturer  had  made  a  strategic  decision  to 
take  back  certain  key  applications  that  were  in  essence  the  heart 
and  soul  of  the  business,  but  it  still  wanted  to  outsource  some 
legacy  mainframe  operations.  The  answer  to  this  problem  was 
at  hand:  Terminate  the  mega-outsourcing  deal  and  selectively 
outsource  the  legacy  applications  to  a  mid-tier  provider,  which 
just  happened  to  equip  its  data  centers  with  the  current  genera¬ 
tion  of  hardware  and  network  technology. 

There  is  an  undeniable  trend  in  outsourcing.  From  anecdotal 
evidence  such  as  the  bitter  cancellation  of  a  billion-dollar-plus, 
mega-outsourcing  deal  between  a  major  retailer  and  its  service 
provider,  to  IDC’s  research  showing  the  average  size  of  outsourc¬ 
ing  deals  dropping  significantly  even  as  total  outsourcing  rises, 
a  new  reality  is  emerging.  Users  are  shying  away  from  the  big, 
all-or-nothing  outsourcing  deals  and  embracing  selective  out¬ 


sourcing  to  boost  flexibility,  while  keeping  some  business-criti¬ 
cal  applications  and  systems  in-house. 

In  fact,  broad  surveys  and  research  conducted  recently  by 
Deloitte  Consulting  and  by  Saugatuck  Technology  as  well  as  IDC 
all  point  in  the  same  direction.  Earlier  this  year,  Deloitte  studied 
25  large  companies  with  a  combined  total  of  $50  billion  in 
mega-deal  outsourcing  contracts.  Fully  25%  of  these  companies 
had  decided  to  bring  some  outsourced  functions  back  in-house. 

Deloitte  found  further  that  in  these  mega-deals,  the  service 
providers’  “structural  advantages  do  not  always  translate  into 
cheaper,  better,  faster  services.”  Deloitte  went  on  to  forecast  that 
companies  will  become  more  “selective”  about  their  outsourcing 
deals — for  example,  engaging  in  deals  where  the  outsourcing 
provider  takes  systems  being  phased  out  while  the  in-house 


Custom  Publishing 


infocrossing 


ADVERTISING  SUPPLEMENT 


The  Power  Of  Selective  Thinking 

Network  giant  tunes  into  Infocrossing  to  reap  across-the-board  benefits 


A  leading  televi¬ 
sion  and  media 
company  found 
itself  in  an  increas¬ 
ingly  common  situa¬ 
tion  a  couple  years 
ago-namely,  disen¬ 
chanted  with  a 
mega-outsourcing 
deal  it  had  inked 
previously.  Part  of 
that  deal  involved 
the  outsourcer’s 
running  a  business- 
critical  system  that 
handled  key  applications, 
including  running  the  network’s 
programming  and  advertising 
sales  processing. 

The  company  felt  it  was  not 
getting  the  entire  bang  for  the 
buck  from  its  arrangement  with 
this  Tier  1  outsourcer.  The  com¬ 
pany  also  wanted  a  more  flexi¬ 
ble  relationship  in  which  the 
outsourcer  is  amenable  to  mak¬ 
ing  changes  to  the  initial  con¬ 
tract  in  response  to  shifting 
business  conditions. 

“For  this  company,  selective 
outsourcing  just  made  a  lot  of 
sense,”  recalls  Vince  DeLuca, 
senior  vice  president  at 
Infocrossing.  “They  wanted 
flexibility,  better  cost  savings,  a 
targeted  infrastructure  for  their 
discrete  applications,  and  gen¬ 
erally  a  more  professional  and 
positive  relationship  with  an 
outsourcing  provider.” 

After  distributing  an  RFP  for  a 
selective  outsourcing  engage¬ 
ment,  the  company  whittled  the 
list  down  to  three  contenders 
before  settling  on  Infocrossing. 
“We  were  able  to  align  our  price 
points  to  match  with  their  tar¬ 


geted  infrastructure  and  appli¬ 
cations,”  DeLuca  says. 

“Beyond  price,  we  engaged 
with  them  by  aligning  our  exec¬ 
utives  and  staff  at  all  levels  with 
their  key  people.  That  provided 
us  touch-points  throughout 
their  organization  so  we  could 
really  understand  their  business. 
Plus,  we  accommodated  the 
changes  they  made  from  their 
initial  RFP.” 

THE  HARD  PART  BEGINS 

Winning  this  selective  outsourc¬ 
ing  contract  was  one  thing. 
Transitioning  the  system  over  to 
Infocrossing’s  stewardship  in 
the  timeframe  required  would 
prove  more  daunting. 

For  example,  Infocrossing  had 
to  work  with  the  outgoing 
provider  to  gather  data  on  key 
aspects  of  the  operations, 
including  the  amount  of  capaci¬ 
ty  needed  to  run  the  applica¬ 
tions.  That  data  proved  to  be 
inaccurate,  as  Infocrossing  staff 
quickly  realized  the  configura¬ 
tion  it  planned  to  build  would 
not  handle  peak  workloads.  Yet 
Infocrossing  was  still  able  to 


dynamically 
increase  capacity 
without  any  disrup¬ 
tion  to  ongoing 
business. 

The  greater  chal¬ 
lenge  would  be 
meeting  the  transi¬ 
tion  schedule. 
“They  basically 
gave  us  three 
weeks  to  do  what 
usually  takes  us 
60-90  days,” 
recalls  DeLuca. 
“We  took  a  deep  breath,  rolled 
up  our  sleeves,  and  got  to  work. 
We  got  the  job  done  too,  on 
schedule,  with  no  significant 
problems  along  the  way.” 

Infocrossing  has  managed  the 
system  since  the  beginning  of 
2005,  and  the  media  and  net¬ 
work  company  has  already  real¬ 
ized  several  important  benefits. 
Infocrossing  began  by  running 
these  applications  on  a  new- 
generation  processor,  providing 
immediate  application  through¬ 
put  and  performance  benefits 
while  virtually  eliminating  some 
of  the  peak-load  latency  in  pro¬ 
cessing  common  with  the  for¬ 
mer  system. 

Infocrossing  also  has  been 
able  to  accommodate  changes 
the  company  requested,  in  most 
cases  with  total  transparency 
and  ease.  In  addition, 
Infocrossing  also  has  been  able 
to  deliver  the  cost  benefits  the 
company  sought  all  along. 

“We’re  poised  to  take  on 
additional  work  now,  because 
this  initial  implementation  has 
worked  so  well,”  DeLuca  con¬ 
cludes. 


ADVERTISING  SUPPLEMENT 


staff  brings  new  technology  on  line.  Also,  a  selective  outsourcing 
arrangement  can  offer  strategic  help  with  key  functions  such  as 
new  technology  assimilation.  This  allows  a  company  to  gain 
access  to  next-generation  technology  without  the  accompany¬ 
ing  heavy  capital  investment. 

SURVEY  SAYS:  SELECTIVE  OUTSOURCING’S  BIG 

Meanwhile,  a  series  of  Saugatuck  surveys  of  CIOs,  CFOs,  and 
line-of-business  executives  through  this  year  “continues  to  show 
increasing  interest  in,  and  spending  on,  targeted,  selective  IT 
and  business  process  outsourcing  deals,”  says  Bruce  Guptill, 
managing  director  at  Saugatuck.  What  the  research  firm  labels 
“strategic  sourcing”  is  “an  integral  part  of  defining  and  realizing 
competitive  advantage,”  according  to  the  Saugatuck  study 
“Outsourcing  Transformed:  New  Models  and  Methods  2005- 
2010.”  Like  Deloitte,  Saugatuck  urges  user  companies  to  look 
beyond  the  mere  cost-cutting  benefits  of  selective  outsourcing 


deals  and  focus  instead  on  the  potential  strategic  benefits  as 
they  relate  to  overall  corporate  strategy. 

“Organizations  see  increased  business  value  by  outsourcing 
specific,  non-core  aspects  of  their  business — from  IT  applica¬ 
tions  to  business  functions,”  says  Guptill.  “With  selective  out¬ 
sourcing,  user  executives  can  treat  IT  and  business  process 
operations  as  they  would  any  other  set  of  scalable  resources,  to 
be  utilized  and  paid  for  on  an  as-needed  basis.  We’ve  moved 
from  the ‘all  or  nothing’  outsourcing  environment  to  a  business- 
value-specific  environment.  Business  models  have  changed 
from  squeezing  the  fruit  to  planting  the  seeds  of  future  growth.” 

The  dissatisfaction  with  large-scale  outsourcing  and  growing 
interest  in  selective  outsourcing  is  “not  new,”  according  to  Jeff 
Kaplan,  managing  director  of  THINKstrategies,  Inc. 

“These  large-scale  contracts  are  often  signed  when  IT  opera¬ 
tions  are  broken  and/or  user  frustrations  are  high,”  says  Kaplan. 
“Under  these  circumstances,  many  enterprises  don’t  have  a  real- 


Delivering  the  power  of  selective  outsourcing 

Flexibility,  control,  and  savings  are  hallmarks  of  Infocrossing's  services 


Tom  Laudati  recalls  one  cus¬ 
tomer  whose  infrastructure 
included  a  mainframe  and  some 
rapidly  aging  open-systems  plat¬ 
forms.  As  senior  vice  president  of 
enterprise  engineering  at 
Infocrossing,  a  leading  provider 
of  selective  outsourcing  services, 
Laudati  was  asked  by  the  cus¬ 
tomer  to  develop  strategies  for 
improving  this  infrastructure. 

“They  initially  wanted  to  contin¬ 
ue  expanding  the  open-systems 
platforms,  but  we  knew  from 
other  customer  experiences  that 
this  customer  would  benefit 
greatly  from  something  they 
hadn’t  considered-namely, 
blade  servers,”  Laudati  says. 

“We  worked  out  a  transitional 
outsourcing  deal  with  them  that 
got  them  moving  toward  the 
new  technology  while  they 
phased  out  the  old.” 

This  example  typifies  the  many 
and  varied  benefits  Infocrossing’s 
customers  have  derived  from 
their  relationship  with  this  leading 
mid-tier  outsourcing  provider.  In 
business  for  over  20  years  with 


customers  in  virtually  every 
vertical  market,  Infocrossing 
today  features  a  national  data 
center  infrastructure  that  is  the 
foundation  of  its  extensive 
capabilities  in  providing  unique, 
customer-centric  selective 
outsourcing  solutions. 

By  leveraging  its  enterprise 
software  license  agreements 
and  its  extensive  investments  in 
hardware  and  communications 
lines  at  its  three  data  centers, 
Infocrossing  can  offer  some  of 
the  most  competitive  deals 
available. 

DELIVERING  FLEXIBILITY 
AND  STRATEGIC 
SOLUTIONS 

“One  intangible  yet  important 
benefit  to  customers  is  flexibility 
in  terms  of  the  breadth  of  solu¬ 
tions  we  offer,  starting  with  our 
spending  all  the  time  necessary 
to  understand  a  customer’s 
unique  situation,”  says  Vince 
DeLuca,  senior  vice  president  at 
Infocrossing.  “We  also  keep  our 
own  cost  structure  and  service  at 


exceptional  levels  by  standardiz¬ 
ing  where  we  can  internally,  but 
adding  the  greatest  value  by 
adapting  our  solutions  to  individ¬ 
ual  customers.” 

Among  the  services  Infocrossing 
offers  are  the  following: 

■  Mainframe  outsourcing  tailored 
to  meet  specific  business  objec¬ 
tives  with  capabilities  to  audit 
existing  operations  and  recom¬ 
mend  ways  to  maximize 
performance,  reliability,  and 
efficiency. 

■  iSeries  and  AS/400  outsourc¬ 
ing  on  a  24x7x365  basis, 
including  expert  help  codifying 
and  documenting  critical  per¬ 
formance  and  system  data. 

■  Managed  security  and  managed 
application  services,  including 
the  integration  of  enterprise 
resource  planning  (ERP) 
solutions. 

■  Open  systems  management 
that  gives  users  the  freedom  to 
define  specific  services  for  their 
Microsoft,  Linux,  and  UNIX  sys¬ 
tems  that  map  directly  to  busi¬ 
ness  needs. 


ADVERTISING  SUPPLEMENT 


Put  another  way,  selective  outsourcing  can  be  the  business 
strategist’s  best  friend.  It  allows  a  company  to  hold  fast  to  its  most 
vital  applications  and  focus  key  staff  on  emerging  opportunities 
while  overall  operations  hum  along  at  peak  performance. 


istic  sense  of  what  to  expect  from  their  IT  operations.  And  out¬ 
sourcers  compete  so  aggressively  for  long-term  outsourcing 
contracts  that  they  fail  to  fully  understand  the  nature  of  the  IT 
problems  or  to  set  realistic  expectations.” 

ADDING  UP  THE  BENEFITS 

On  the  other  hand,  selective  outsourcing,  which  Kaplan  calls 
out-tasking,  has  several  significant  potential  benefits. 
According  to  Kaplan,  these  benefits  include: 

■  The  ability  to  test  satisfaction  with  the  outsourcing  process 
in  a  phased  approach,  expanding  the  scope  of  outsourcing 
incrementally  to  mitigate  risk 

■  Being  able  to  more  effectively  identify  corporate  objectives 
and  IT  requirements  and  set  more  realistic  performance 
objectives 

■  The  capability  to  better  monitor  the  outsourcer’s  perform¬ 
ance,  identify  and  resolve  potential  problems  more  quickly, 
and  increase  the  likelihood  of  success 

■  Reducing  risks  and  costs  associated  with  contract  disputes 
while  increasing  add-on  business  opportunities  and  prof¬ 
itability 

Concludes  Kaplan,  “THINKstrategies  has  long  believed  that 
selective  outsourcing  is  a  more  effective  method  of  offloading 
portions  of  an  enterprise’s  IT  operations  to  a  third  party  with 
more  realistic  and  attainable  performance  objectives  in  mind.” 

But  ultimately,  selective  outsourcing  is  the  right  strategic 
choice  for  many  companies.  Vincent  DeLuca  is  senior  vice 
president  at  Leonia,  New  Jersey-based  Infocrossing,  a  leading 
provider  of  selective  IT  outsourcing  solutions.  With  15  years’ 
experience  under  his  belt  providing  client  services  to  user 
companies,  DeLuca  has  seen  outsourcing  evolve  from  its  earli¬ 
est  stirrings  to  the  current  trend  toward  selective  outsourcing. 

DeLuca  says  that  when  considering  selective  outsourcing, 
companies  are  often  looking  to  solve  a  particular  business 
problem  apart  from  the  more  traditional,  all-encompassing 
outsourcing  deals  that  seem  to  be  fading  into  history.  These 
selective  outsourcing  aficionados  often  are  in  positions 
where  they  are  trying  to  focus  their  IT  resources  on  emerging 
opportunities  such  as  new  services,  while  at  the  same  time 
keeping  existing  systems  running  at  peak  efficiency.  For  these 
companies,  selective  outsourcing  provides  a 
way  to  let  ever-scarce  IT  resources  be 
deployed  more  strategically  while  the  selec¬ 
tive  outsourcing  partner  tends  to  other  key 
operational  systems. 


KEEPING  IT  STRATEGIC 

Once  applications  are  up  and  running  on  the  newer  platforms, 
companies  like  Infocrossing  can  manage  those  as  well,  keeping 
the  in-house  development  staff  continuously  focused  on  lead¬ 
ing-edge  application  development — if  that  is  what  the  user 
company  chooses. 

“The  obvious  benefit  is  deployment  of  in-house  staff  to 
more  strategic  projects,”  DeLuca  says.  “The  user  company  also 
gains  the  benefits  of  the  outsourcing  partner’s  economies  of 
scale  for  optimal  cost  containment.”  DeLuca  observes  that 
selective  outsourcing  is  particularly  appealing  to  mid-cap 
companies,  which  haven’t  attained  enough  maturity  in  their 
infrastructure  operating  model  to  realize  significant 
economies  of  scale  on  their  own. 

Selective  outsourcing  agreements  by  their  nature  are  short¬ 
er  in  term  than  the  mega-outsourcing  deals,  usually  running 
3-5  years.  This  is  important  because  longer-term  contracts 
have  to  be  modified,  often  significantly,  to  accommodate 
unforeseen  changes  in  the  user’s  business  environment  or 
overall  business  conditions. 

With  selective  outsourcing,  service-level  agreements  (SLAs) 
can  be  more  precise  and  accurate  and  therefore  more  mean¬ 
ingful  than  in  the  mega-deal  contracts,  for  the  simple  reason 
that  these  agreements  are  covering  smaller  and  more  clearly 
defined  areas  of  operation.  Meanwhile  selective  outsourcing 
allows  users  to  maintain  certain  applications  and  systems  in- 
house,  which  is  where  experts  loudly  proclaim  they  belong. 
That  is  because  these  applications  and  systems  are  completely 
intertwined  and  integrated  with  the  core  business  processes 
they  support. 

Tom  Laudati,  Chief  Technology  Officer  at  Infocrossing, 
perhaps  sums  it  up  best  regarding  the  trend  toward  selective 
outsourcing  and  its  many  benefits.  “Having  the  right  IT 
infrastructure  partner  allows  a  company  to  focus  on  its  core 
business  applications;  these  are  often  the  very  rules  of  how  a 
company  conducts  business.  Most  CIOs  and  their  bosses, 
too,  obviously  want  to  keep  control  of  them.  We  can  focus  on 
the  operating  systems  and  the  hardware  required  to  run 
these  applications,  and  the  customer  can  focus  on  running 
its  business.” 

Put  another  way,  selective  outsourcing  can  be  the  business 
strategist’s  best  friend.  It  allows  a  company  to 
hold  fast  to  its  most  vital  applications  and 
focus  key  staff  on  emerging  opportunities 
while  overall  operations  hum  along  at  peak 
performance. 


For  additional 
information  on  selective 
outsourcing,  visit  us  at 
www.infocrossing.com 

v  infocrossing™ 


cal  I  for  entries 


I NUI I  III  ItJtlbbl  IUUI_ 

currently  be  top  IT 
lieutenants— but  not 
yet  full-fledged  CIOs. 


Candidates  will  be 
nominated  by  their  CIO  based 
upon  the  characteristics  iden¬ 
tified  in  the  application  at 
www.cio.com/awards. 
Candidates  may  also 
nominate  themselves  or 
be  nominated  by  another, 
but  all  nominations  must 
be  endorsed  by  a  CIO. 

A  panel  of  leading  CIOs  will 
judge  the  nominees  and 
choose  the  winners,  who 
will  be  featured  in  a  special 
July  issue  of  CIO. 


Presented  by  CIO  magazine  and  the  CIO  Executive  Council 

CIO  Executive  Council 

The  Professional  Organization  for  CIOs 


The  Resource  for 
Information  Executives 


Winners  will  also 
be  honored  at  the  second 
annual  CIO  Leadership 
Conference  in  Boston, 

May  8 -9, 2006. 

We  will 

accept  nominations  from 
Oct.  1- Nov.  30, 2005. 

For  more  information  on 
this  prestigious  award,  go 

to  www.cio.com/awards 


England’s  New 
Patient  Record 
System  Ailing 


health  care  A  study  in  the  British  Med¬ 
ical  Journal  reports  that  an  effort  in  Eng¬ 
land  to  centralize  patient  records  on  a 
standard  IT  system  is  at  risk  because  local 
staff  are  feeling  left  out  of  the  implementa¬ 
tion  process. 

The  multibillion-dollar  project,  called  the 
National  Programme  for  IT  in  Britain’s 
National  Health  Service  (NHS),  promises 
benefits  for  both  patients  and  the  NHS  as  a 
whole.  But  researchers  found  that  staff  at 
four  typical  hospitals  where  the  program  is 
being  implemented  viewed  it  unfavorably, 
mainly  because  of  poor  communication  and 
lack  of  consultation  from  project  headquar¬ 


ters.  In  particular,  staff  members  feel  as  if 
local  needs  and  advice  have  been  ignored. 

If  the  problems  highlighted  in  the 
report  aren’t  addressed,  medical  staff  are 
unlikely  to  use  the  system  fully,  says 
Naomi  Fulop,  professor  of  health  and 
health  care  at  King’s  College  London  and 
one  of  the  report’s  five  authors.  This  could 
lead  to  further  delays  for  the  system  and 
reduce  its  overall  benefits. 

In  that  sense,  the  challenges  the  NHS  is 
facing  are  common  to  any  organization 
implementing  a  broad  new  IT  system,  but 
on  a  bigger  scale.  Hospital  staff  have  shown 
willingness  to  overcome  the  technical  prob¬ 


lems  of  implementing  the  patient  record  sys¬ 
tem,  the  study  found.  However,  they  insist 
that  they  need  help  from  headquarters  to  get 
it  up  and  running.  Hospital  staff  were  also 
uncertain  as  to  when  new  systems  would  be 
implemented,  and  what  local  funding  would 
be  available  to  support  them. 

Initially,  the  NHS  was  to  have  fully 
deployed  an  electronic  patient  record 
system  nationwide  by  2005.  A  revised 
goal  for  the  program  is  to  have  such  a 
system  in  place  in  acute  care  facilities  by 
2008  or  2010,  Fulop  says. 

-Elizabeth  Montalbano  and 
James  Niccolai 


A  Strong  Job  Market  for  CIOs 


on  the  move  The 

average  tenure  of  a  CIO 
in  any  single  job  is  about 
five  years,  according  to 
CIO  research.  So  Joseph 
Eckroth  was  right  on  sched¬ 
ule  when  he  left  Mattel  over 
the  summerfor  a  new  job 
as  senior  vice  president  and 
CIO  of  New  Century  Finan¬ 
cial,  a  real  estate  investment 
trust  based  in  Irvine,  Calif. 

During  the  five  years 
Eckroth  worked  for  Mattel, 
he  was  credited  with  using 
IT  to  boost  the  toy-maker’s  efficiency 
and  slash  costs  companywide  (although 
the  company  is  still  struggling,  its  sales 
were  up  in  the  last  quarter).  He’s  among 
several  CIOs  who  are  benefiting  from  a 
loosening  job  market. 

Patricia  Morrison,  who  had  been  CIO 
with  Office  Depot  for  close  to  three  and  a 
half  years,  decided  to  leave  when  a  new 


CEO,  Steve  Odland,  came  on 
board  last  spring.  Unlike  the 
many  CIOs  who,  during  the 
downturn,  had  to  wait  12  to 
18  months  before  finding  a 
new  job,  Morrison  was 
snatched  up  by  Motorola 
within  four  months. 

And  then  there’s  Frank 
Hood.  In  May  he  left  his  post 
as  CIO  of  Krispy  Kreme 
Doughnuts— which  is  mired 
in  an  accounting  scandal— 
to  take  a  job  with  Quiznos,  a 
rapidly  expanding  chain  of 
sandwich  shops  based  in  Denver. 

Eric  Sigurdson,  who  leads  the  infor¬ 
mation  officers  practice  of  executive 
recruiting  firm  Russell  Reynolds  Asso¬ 
ciates,  has  been  getting  more  business. 
“We’ve  seen  the  volume  of  search  activ¬ 
ities,  the  number  of  assignments  we 
take  on  and  the  billing  associated  with 
recruiting  in  our  information  officers 


JOSEPH 

ECKROTH 


PATRICIA 

MORRISON 


50 

M 

2 

practice  increase  dramatically  this  a 

year  and  last  year,”  he  says.  That's  « 

good  news  for  CIOs  looking  to  extricate  w 

gaCfl 

themselves  from  struggling  companies 
or  take  the  next  step  in  their  careers. 

The  trend  should  help  Kathy  Lane, 
the  CIO  of  Gillette,  once  her  company 
merges  with  Procter  &  Gamble  and 
the  requisite  integration  work  is 
complete.  At  press  time,  according  to 
P&G,  her  post-merger  role  hadn’t 
been  completely  defined.  In  general, 

P&G’s  global  business  units  (of  which 
Gillette  will  be  one  after  the  merger) 
don’t  have  their  own  CIOs.  One  thing 
that  is  certain  is  that  Lane  has  valuable 
experience  to  market  anytime  she 
decides  to,  as  they  say,  pursue  other 
opportunities. 

-Merldith  Levinson 


On  the  Web 


Read  Meridith  Levinson’s  MOVERS  AND 
SHAKERS  blog  for  the  latest  moves.  Find 

it  at  www.cio.com/blogs 

cio.com 


2  6 


OCTOBER  1,  2005  |  www.cio.com 


PHOTO  TOP  BY  COMSTOCK/GETTY  IMAGES 


Given  how  hot  and  slow  our  competitor's  servers  are,  it's  no  surprise  their  name 

RHYMES  WITH  HELL 


THE  NEW  INDUSTRY  STANDARD  X64  SERVERS  FROM  SUN. 


SUN  x64  FACTS: 

FIFTY  PERCENT  FASTER1 

ONE  QUARTER  THE  SIZE 

ABOUT  ONE  THIRD  THE 
POWER  CONSUMPTION 

'CERTIFIED  FOR  THE  TOP  3  OSs 

LESS  THAN  HALF  THE  PRICE 


;  X 

■  ■  ved  AMD,  the  AMD  Arrow  logo,  AMD Opteron,  combinations  i  hereof,  are  trademarks  of  Advanced  Micro  Devices.  Inc. 

www  sun.com/X4100/ben1  hmarU.hr ml,  SPEC  and  the  bent hmark  name  SPECfp  are  registered  trademarks  of  the  Standard  Performance  Evaluation  Corporation'. 

){ 08/  >3/05.  for  the  latest  bem  hmark  results,  visit  http://wivw.spet  .otg/.  the  Sun  fire  X4100  server  (2*  AMI)  Opteron  processor  Model  280,  16  66,  Solaris  to):  SPECfp_tate2000s 
36Hz,  1  MB  L2,  8  MB  13,  16  68,  MS  Windows):  SP£Cfp_rate20Q0  •  52-5-  Son. ’so  suits  were  submitted  to  SPEC. 

■  arwnty,  1  6B  RAM,  no  OS.  Prices  as  lasted:  Sun  Fire  X4100  (2K  280  dual-core,  .’2  GB  disk,  16  6B  DDRl  400,  Solaris  10)  -  S  14.825:  Dell  PE6850  (4x  333  GHz,  36  GB  disk,  16  GB  dual 
533,624-  Pores  as  >',<  8,' 22/OS  usmg  Dell  Enterprise  price  list. 


Sun  Fire"  X4100 


'  SPECfp_rate2000:  79.1 


550  watts 


Solaris,  Linux,  Windows 


$2,195* 


Dell  PE6850 


SPECfp_rate2000:  52.5 


1470  watts 


Linux,  Windows 


$4,899* 


Check  out  our  coot  new  industry  standard 
x64  servers  powered  by  AMD  Opteron'" 
processors.  They  run  Solaris"  (our  favorite), 
Windows  and  Linux.  Visit  sun.com/better. 


soiaris 


lava 

POWERED 


AMD 


Opteron 


Of  Course 
I  Want  Fries 
With  That 


SELF-SERVICE 

Five  complaints  a 
I  day  may  not  seem 
like  a  lot.  But  for 
JWB  Ventures, 
which  operates  13 
Whataburger  restau¬ 
rants  in  Florida, 
getting  that  many 
complaints  about 
wrong  orders  was 
cause  for  concern, 
says  Vice  President 

Bud  Shaw,  who  oversees  technology  and 
operations  for  the  franchises.  In  an  effort  to 
improve  order  accuracy,  Shaw  installed  cus¬ 
tomer  display  screens  from  Radiant  Systems 
on  the  front  counter. 

Customers  view  their  order  onscreen  as  the 
cashier  enters  it,  and  are  asked  to  verbally  ver¬ 
ify  its  accuracy.  Now  Shaw  sees  maybe  one  or 
two  complaints  about  wrong  orders  a  week. 
And  with  the  average  order  at  $7,  one-third  of 
which  is  food  costs,  the  savings  from  reducing 
wasted  food  add  up  quickly. 

The  interactive  display  screens  have  the 
added  benefit  of  providing  speedier  service 
for  regulars.  Customers  can  swipe  their 
credit  cards  and  view  their  last  four  orders 
onscreen;  selecting  one  reorders  that  meal. 
The  whole  process  takes  as  little  as  15  sec¬ 
onds,  says  Shaw,  compared  to  two  to  five 
minutes  when  a  cashier  enters  the  order 
and  takes  the  payment. 

Shaw  says  that  customers  who  visit  several 
times  a  week  like  not  having  to  repeat  that  they 
want  their  burger  with  jalapehos,  a  double- 
toasted  bun  and  no  onions.  People  who  come 
in  for  lunch  like  to  show  their  business  col¬ 
leagues  how  their  regular  order  pops  up 
onscreen,  he  says.  “And  if  we’ve  made  their 
order  right,  they're  happy  when  they  leave." 

-Alice  Dragoon 


2  8 


OCTOBER  1,  2005  |  www.cio.com 


Invest  for  Better 
Performance 

management  report  If  your  IT  department’s  performance  isn’t  up  to  snuff, 
it  may  be  because  you  spend  too  much  time  maintaining  and  repairing  your  existing  sys¬ 
tems,  and  not  enough  time  investing  in  new  technologies. 

A  global  study  by  Accenture,  “IT  Investing  for  High  Performance,”  finds  that  among  top  IT 
organizations,  62  percent  have  a  strategy  for  pioneering  new  technologies.  In  contrast,  most 
average  and  low-performing  IT  shops  prefer  to  “follow,  not  lead”  in  technology  adoption.  The 
study  says  that  failure  to  invest  in  IT  compromises  business  productivity. 

Accenture  surveyed  more  than  300  senior  IT  executives  from  Fortune  1000  or  compara¬ 
bly  sized  companies,  and  categorized  respondents  as  high-performing,  average  or  low-per¬ 
forming  according  to  how  the  respondents  ranked  themselves  on  a  five-point  scale.  Those 
surveyed  were  asked  to  rate  their  current  performance  versus  their  goals  on  five  dimen¬ 
sions:  innovation,  data  management,  integra¬ 
tion,  infrastructure  and  IT  operations.  The 
high-performers  (around  10  percent  of  respon¬ 
dents)  were  those  currently  achieving  at  the 
levels  sought  by  the  entire  group  surveyed. 

High-performers  distinguish  themselves  in 
how  little  time  they  spend  maintaining  and  fix¬ 
ing  applications.  The  top  performers  dedicate 
just  35  percent  of  their  time  to  maintenance 


Better  Performance, 
Newer  Tech 

Percentage  of  IT  depart¬ 
ments  that  want  to  be 
early  adopters  of  new  tech 


and  repair;  they  spend  40  percent  more  time 
integrating  and  building  systems  than  their 
lower-performing  competitors.  Respondents 
from  the  lowest-performing  organizations 


77% 


report  that  almost  half  of  their  time  is  spent 

20%  - 

23%| 

maintaining  and  fixing  systems. 

I5 

Low-performing  IT  organizations 
High-performing  IT  organizations 

SOURCE:  Bain  &  Co. 


Bob  Suh,  Accenture’s  chief  technology 
strategist,  believes  that  some  problems  of  low- 

performing  IT  organizations  are  of  their  own  _ 

making.  For  instance,  if  an  IT  group  doesn’t 

spend  enough  time  helping  users  define  their  requirements  for  a  system,  they  will  be  stuck 
having  to  fix  problems  that  could  have  been  avoided  if  they  had  done  more  work  up  front. 

In  addition,  says  Suh,  average  and  low-performing  IT  organizations  may  be  caught  in  an 
“austerity  trap,”  in  which  companies  attempt  to  sustain  IT  service  levels  while  maintaining 
or  cutting  IT  budgets.  As  CIOs  focus  on  keeping  IT  costs  down,  they  are  inhibited  from 
investing  in  new  technologies. 

To  focus  more  on  IT  investment,  rather  than  maintenance,  Suh  recommends  estab¬ 
lishing  performance  metrics  to  boost  business  confidence  in  IT  and  persuade  execu¬ 


tives  to  invest  in  new  projects.  “If  [companies]  choose  to  save  money  in  the  short 
term,”  warns  Suh,  “they  will  face  higher  maintenance  costs  and  have  fewer  dollars 
remaining  to  reinvest”  for  the  long  term.  And  then  they  will  be  unable  to  outperform 
their  peers.  -Cassidy  Healzer 


H 

S3 

n 

SS 

a 

r 

ss 

n 

(A 


PHOTO  TOP  BY  GETTY  IMAGES:  BOTTOM  COURTESY  OF  WHATABURGER 


PREEMPTIVE  SECURITY  IS  HERE: 


www.iss.net 


Prevent 


MAJOR  INTERNET  THREATS  - 


THEY  RUIN  YOUR  DAY. 


November  18 
FRIDAY 


p.tM. 


Proventia  ESP  (Enterprise  Security  Platform)  from  ISS  stops  Internet  threats  before  they  impact  your  business.  With  intrusion  prevention  and  vulnerability 


assessment  products  and  services,  Proventia  ESP  reduces  your  overall  risk  and  helps  enable  regulatory  compliance  and  business  continuity.  Only  ISS  keeps  you 


ahead  of  the  threat  with  preemptive  protection  for  your  entire  enterprise.  Download  a  free  white  paper  at  www.iss.net/ESP/CIO,  or  call  1-800-776-2362. 


Internet  |  Security  |  Systems® 

Ahead  of  the  threat 


NETWORK  &  HOST  INTRUSION  PREVENTION  I  VULNERABILITY  MANAGEMENT  I  MANAGED  SECURITY  SERVICES 

©2005  Internet  Security  Systems  Incorporated.  All  rights  reserved. 


Vendors  You  Like 


Walker’s 

Loyalty 

Leaders 


technology  Oracle  and  SAP  may  be  bitter  rivals,  but  both  companies  inspire 
true  loyalty  among  their  customers,  according  to  the  Walker  Loyalty  Report.  The 
survey  by  consultancy  Walker  Information  reviewed  some  18,000  evaluations  by 
United  States  and  European  IT  decision-makers  to  determine  which  hardware 
and  software  vendors  had  the  most  committed  customers.  (The  top  vendors  were 
identified,  not  ranked.)  Two  of  the  factors  influencing  customer  loyalty,  the  survey 
finds,  are  trustworthiness  and  how  easy  a  given  company  is  to  do  business  with. 

I 


Adobe 

Apple 

Cisco  Systems 

Dell 

EMC 

Hewlett-Packard 

IBM 

Microsoft 

Oracle 

SAP 


Sun  Microsystems 
Symantec 


.1 


H 

SO 

M 

2 

a 

r 

2 

n 

(A 


.cio.com 


NOISE-CANCELING  HEADGEAR 

(modeled  here  by  racer  Kurt  Busch) 
from  Nextel  enables  fans  to  clearly 
hear  conversations  between  Nascar 
drivers  and  their  pit  crews, 
or  dial  up  a  friend,  during  a  race. 


pit  crews)  and  a  wireless  phone 
(through  which  Nextel  can 
deliver  drivers’  dashboard  data). 
The  headsets  are  equipped  with 
a  noise-canceling  microphone 
that  masks  the  roar  of  the  stock 
car  engines  so  the  communica¬ 
tions  are  more  audible.  The 
headsets  also  make  it  possible 
to  carry  on  a  phone  conversation 
during  a  race. 

Nextel’s  ability  to  deliver  new 
information  services  to  data- 
hungry  Nascar  fans  helped  the 
company  win  its  10-year  spon¬ 
sorship  deal  (Nascar  will  get  an 
estimated  $700  million).  Mid¬ 
way  through  its  rookie  season, 
Nextel  rolled  out  two  services: 
FanScan,  which  transmits  the 
live  and  uncensored  radio 
communications  between 
drivers,  their  pit  crews, 
spotters  and  team  owners 
during  the  races  to  fans 
who  use  Nextel  phones 
(but  is  not  available  to 
fans  who  are  at  the 
track);  and  Nascar.com  To 
Go  with  PitCommand,  which 
shows  drivers’  dashboard  read¬ 


wi  re  less  As  the  chase 
for  the  Nascar  Nextel  Cup 
roars  into  high  gear  this 
month,  Nascar  fans— 
whether  they’re  at  the  track 
or  following  the  races  from 
home— can  get  closer  to  the 
action  with  mobile  services 
from  the  wireless  carrier. 

During  this  racing  sea¬ 
son,  Nextel,  which  took 
over  the  title  sponsorship 
from  Winston  in  2004, 
introduced  a  two-way 
headset  for  race  fans  that 
plugs  into  both  a  scan¬ 
ner  (which  transmits 
conversations  between 
the  drivers  and  their 


CONNECTED  AT 
THE  TRACK 


ings  on  the  phone. 

FanScan  delivers  the  gritty 
details  from  nine  drivers,  includ¬ 
ing  Dale  Earnhardt  Jr.  and  Jeff 
Gordon,  who  can  be  heard  talk¬ 
ing  about  how  their  cars  are  han¬ 
dling  and  about  their  pit-stop 
strategies.  Fans  are  also  privy  to 
the  drivers’  screams  of  joy  when 
they  cross  the  finish  line  and 
their  disgust  when  they  spin 
out  into  a  wall.  Fans  can  use  Pit- 
Command  to  see  RPM,  throttle 
and  brake  indicators,  lap  counts 
and  the  driver’s  track  position. 

Radio-scanning  technology  at 
the  tracks  isn’t  new,  however; 
vendors  have  been  selling  scan¬ 
ners  with  headsets  for  years. 
Thus,  both  FanScan  and  Pit- 
Command  are  aimed  more 
toward  fans  who  can’t  make  it  to 
the  track.  The  two-way  headsets, 
which  work  with  the  equipment 
many  frequent  race  attendees 
already  have,  are  designed  for 
fans  at  the  track  who  might  want 
to,  among  other  things,  call  their 
friends  and  boast  about  what  a 
great  time  they’re  having. 

-Thomas  Wailgum 


PHOTOS  COURTESY  OF  NEXTEL 


O' t pity  *:•*«.*; 


. . 


YOU  NEED  A  3M  PRIVACY  FILTER  BECAUSE  9  OUT  OF  10 
PEOPLE  ADMIT  TO  SNOOPING. 


,  i 

1 -  - - - - - - -  --  ■ 

You  get  your  work  done.  The  wandering  eyes  beside  you  see  only  a  dark  screen.  Reassuring  3M™  Privacy  Filters.  Made  of  slim,  protective,  rigid-yet-flexible  polymer. 
Easy  to  attach  and  remove.  Available  for  laptops  in  many  sizes.  Uncanny  3M  microlouver  technology  blocks  out  side  views  while  you  see  your  screen  clearly  as  ever. 
You  have  to  not  see  it  to  believe  it.  Available  only  at  online  retailers.  1 -888-PRIVACY  3MPrivacyFilter.com 


©  3M  2005.  3M,  Vikuiti  and  the  Vikuiti  "Eye"  symbol  are  trademarks  ol  3M 


Now  you  see  it.  Now  they  don’t. 


Susan  Cramm  executive  coach 


The  Business 
of  IT  Is  Business 

Six  keys  to  lasting  alignment  with  your  business  partners 


Many  IT  professionals  believe  that  alignment  with 
the  business  is  all  about  managing  expectations. 
But  the  phrase  “managing  expectations”  is 
ridiculous  and  should  be  stricken  from  CIOs’ 
lexicons.  It  conveys  false  hopes  that,  through  artful  maneu¬ 
vering,  delivering  less  is  OK.  Nothing  but  food  satisfies  hunger, 
nothing  but  money  pays  the  rent,  and  nothing  but  a  “yes”  sat¬ 
isfies  IT’s  business  partners. 

Smart  CIOs  improve  alignment  by  figuring  out  how  to  say  yes 
in  a  way  that  works  for  both  the  business  and  IT.  Overall,  busi- 
ness-IT  alignment  has  progressed  during  the  past  five  years,  due 
to  the  institution  of  executive  committees,  rigorous  priority¬ 
setting,  active  portfolio  management,  “skin  in  the  game” 
accountabilities,  standardized  technology  and  processes,  strate¬ 
gic  sourcing  and  better  customer  relationship  management. 

In  spite  of  the  improvements,  alignment  continues  to  top 
executive  surveys  as  a  critical  initiative.  CIO  magazine’s  “State 
of  the  CIO”  research  shows  that  alignment  remains  the  top  man¬ 
agement  priority  for  CIOs.  At  a  recent  breakfast  for  CIOs  that 
I  facilitated,  participants  shared  stories  that  highlighted  the 
persistent  barriers  to  alignment.  They  discussed  strategic  plans 
that  aren’t  actionable,  the  challenge  of  working  with  decen¬ 
tralized  business  units,  project  justifications  that  put  form  over 
substance,  funding  decisions  that  are  designed  to  keep  the 
peace,  constant  pressure  on  noncapital  IT  costs,  the  difficulty  of 
staying  the  course  with  technology  plans  and  the  leadership  gap 
between  CIOs  and  their  direct  reports. 

This  discussion  highlighted  the  multifaceted  complexity  of 
the  alignment  problem,  which  encompasses  the  domains  of 
strategy,  governance,  technology  and  organizational  structure. 


32 


OCTOBER  1,  2005  |  www.cio.com 


ILLUSTRATION  BY  SIMONE  TIEBER 


Who  was  selected  as  best  in  Bl? 


Siebel  Business  Analytics 
Best  Business  Intelligence  Application 
2004  RealWare®  Award  Winner 


Siebel  Business  Analytics  received  the  most  prestigious  Bl  award  because  unlike 
traditional  Bl  vendors,  Siebel  meets  the  new  business  demands  of  enterprise  Bl. 
Siebel  delivers  richer,  real-time  intelligence  for  everyone  across  your  enterprise. 
Working  seamlessly  with  your  existing  systems  and  data  warehouses,  Siebel’s  mission- 
critical  Bl  architecture  supports  multi-terabytes  of  data  and  thousands  of  users. 
And  Siebel's  pre-built  solutions  embed  industry-specific  best  practices  that  are 
flexible,  quickly  implemented,  and  deliver  low  TCO. 

To  learn  more,  visit  www.siebel.com/realware 


Siebel 

Business  Analytics 


©2005  Siebel  Systems.  Inc.  All  rights  reserved.  Siebel  and  the  Siebel  logo  are  trademarks  of  Siebel  Systems,  Inc.  and  may  be  registered  in  certain  jurisdictions 
RealWare  is  a  registered  trademark  of  Intelligent  Enterprise. 


Susan  Cramm  executive  coach 


To  tackle  alignment,  CIOs  must  first  accept  the  fact  that  IT’s 
business  counterparts  will  always  want  more  for  less,  without 
delay.  CIOs  need  to  learn  how  to  balance  the  limited  supply  of 
IT  services  with  the  seemingly  infinite  demand  in  a  way  that  is 
acceptable  to  the  business.  This  is  done  through  strategy  and 
governance  practices  that  force  the  business  to  acknowledge 
limits  and  say  no  to  themselves.  IT  capacity  constraints  (which 
are  more  often  people-based  than  money-based)  can  be  relieved 
by  designing  technologies  and  organizations  that  “flex”  as  busi¬ 
ness  volume  and  project  demands  ebb  and  flow. 

There  are  six  promising  concepts  to  help  CIOs  face  the  chal¬ 
lenge  of  improving  alignment.  I  will  briefly  review  them  here 
and  will  discuss  them  in  more  detail  in  my  next  three  columns. 

1.  REAL-WORLD  STRATEGY.  Business  strategy  is  usually 
informal,  and  it  changes  frequently  as  new  learning  occurs. 
CIOs  need  an  ongoing,  participative  process  for  deriving  busi¬ 
ness  strategy  and  weaving  IT  strategy  within  it. 

2.  EMBRACING  VALUE.  Investment  governance  doesn’t  really 
work  if  IT  value  is  a  paperwork  exercise.  For  IT  to  be  viewed  as 
an  investment  rather  than  an  expense,  CIOs  have  to  make  value 
realization  practical  by  incorporating  operational  measure¬ 
ments  in  projects.  Value  must  be  center  stage  when  CIOs  deter¬ 
mine  the  approach  for  an  IT  project,  manage  the  scope  and 
enforce  accountability. 

3.  ACTIONABLE  PRICING.  The  ugly  baby  ofIT  is  the  70  percent 
of  costs  that  are  not  really  understood  and  therefore  are  not 
really  managed.  After-the-fact  chargebacks  based  on  spread¬ 
sheet  allocations  are  neither  credible  nor  useful  in  influencing 
future  demand  and  forecasting  necessary  expenditures.  A 
slimmed-down  version  of  activity-based  budgeting  is  a  practical 
first  step  in  helping  CIOs  articulate  services,  consumption  and 
pricing  in  a  way  that  helps  the  business  act  as  true  consumers. 

4.  AGILE  TECHNOLOGY.  Architecture  and  infrastructure  can 
hinder  alignment  efforts.  Layered  architectures,  services  and 
capacity  on  demand  are  reducing  the  cycle  time  of  delivery 
and  therefore  expanding  the  supply  of  IT. 

5.  BOUNDARYLESS  I.T.  IT  is  too  often  a  delivery  bottleneck. 
CIOs  can  create  virtual  capacity  by  enabling  the  business’s 
self-sufficiency  and  leveraging  strategic  sourcing. 

6.  LEADERS  AT  ALL  LEVELS.  The  glue  that  holds  together  the 
strategy,  governance,  technology  and  organizational  compo¬ 
nents  of  alignment  is  leadership.  Surveys  indicate  that  while  the 
leadership  cadre  at  the  CIO  level  is  sufficient,  there  is  a  gap  at 
the  levels  below.  CIOs  need  to  expand  IT’s  leadership  capabil¬ 
ities  by  changing  their  leadership  development  approach  from 
“survival  of  the  fittest”  to  “development  of  the  fittest.” 

In  the  coming  months,  I  will  unpack  these  concepts  by 
reviewing  theory,  discussing  success  stories  and  providing 
suggestions  for  further  study.  I  invite  you  to  join  the  discussion 
by  sharing  your  alignment  stories— both  good  and  bad. 
Together,  CIOs  can  learn  how  to  say  yes  without  regrets. 


Reader  Q&A 

Q:  Saying  no  is  a  way  of  letting  people  who  don't  understand 
IT’s  capabilities  know  what  is  possible  and  what  isn’t,  and 
what  is  a  good  use  of  money  and  what  isn’t.  Whenever  the 
sales  VP  asks  me  for  something,  it’s  his  way  of  testing  the 
importance  of  his  idea.  He  knows  I  will  work  with  him  if  it’s  a 
good  idea.  But  not  everything  is  a  good  idea  or  is  a  better  idea 
than  what  we’re  already  working  on. 

A:  It  sounds  like  you  have  a  great  relationship  with  your 
sales  executive— congratulations!  Without  strong  relation¬ 
ships,  the  word  “no”  causes  people  to  dig  in  on  their  posi¬ 
tions.  That’s  a  difficult  reaction  to  overcome  if  you  hope  to 
get  to  a  solution  that  works  for  both  parties.  People  react  to 
(and  learn  from)  questions  better  than  statements.  The  goal 
of  IT-business  alignment  is  to  set  up  mechanisms  so  that 
business  executives  are  able  to  evaluate  the  merits  and 
implications  of  their  IT-enabled  ideas  without  IT  having  to 
play  the  heavy. 


Q:  If  business-IT  alignment  has  improved  over  the  past  five 
years,  as  you  say,  why  were  there  so  many  sob  stories  at  the 
breakfast  you  attended?  Alignment  is  one  of  those  problems 
that  never  goes  away,  unlike  technical  issues.  Alignment  can 
never  be  “fixed.”  It  requires  continual  work  and  communica¬ 
tion  on  the  part  of  IT  executives  and  every  member  of  the  IT 
department. 

A:  Alignment  has  improved,  but  you  are  right  that  it  requires 
continual  work  and  communication.  The  CIOs  in  that  break¬ 
fast  meeting  weren’t  lamenting  this  state  of  affairs;  they  were 
discussing  alignment  with  the  goal  of  learning  from  each 

other  and  developing  a 


Have  a  Leadership  Question? 


For  more  reader  questions  and  answers 
from  Susan  Cramm,  go  online  to 
www.cio.com/leadership/executive 
coach.html.  CIO.COm 


sense  of  how  to  reach 
the  alignment  grail. 


Q;  In  addition  to  the  six 
points  you’re  writing 
about,  I’d  like  to  see 
you  address  the  executive  committee— a.k.a.  the  IT  manage¬ 
ment  committee,  IT-business  oversight  committee  or  what 
have  you.  What  are  the  best  ways  to  set  up  this  kind  of  group, 
who  has  to  be  on  it  (the  must-attends  versus  the  nice-to- 
haves)  and  what  does  it  need  to  accomplish? 

A:  Management  committees  are  essential  to  effective  gov¬ 
ernance.  Real-world  strategy  requires  that  an  effective  sen¬ 
ior-level  IT  council  exist.  HEI 


Susan  Cramm  is  founder  and  president  of 
Valuedance,  an  executive  coaching  firm  in  San 
Clemente,  Calif.  You  can  e-mail  feedback  to 
susan@valuedance.com. 


34  OCTOBER  1,  2005  |  www.cio.com 


PHOTO  BY  ASA  MATHAT 


S  THE  WORLD’S  HELP  DESK 


everyone 

vs/itVl  <K  ViYU* 


PROBLEM 


or  go  to  ibm,com/businesscenter/security23 


SIZE  OF  BUSINESS 


SECURITY  FROM  $1.80  PER  E-MAIL  ADDRESS 
PER  MONTH.  NO  SET  UP  COSTS. 


©2005  IBM  Corporation.  All  rights  reserved.  IBM,  the  IBM  logo,  and  Express  are  registered  trademarks  or  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  Other  company,  product  and  service  earn  r  he 
trademarks  or  service  marks  of  others.  'Five  days'  prior  written  notice  to  IBM  is  required  in  order  to  cancel  the  Services  during  the  30-day  risk  free  period. 


I 


Ben  Gomes-Casseres  keynote 


Outsource,  Don’t  Abdicate 

Regardless  of  what  business  processes  you  move  outside  your  corporate  borders, 
you  can’t  lose  sight  of  your  ultimate  responsibility  for  ethics  and  the  end  result 


My  favorite  post-Enron  cartoon,  by  Dan  Wasser- 
man,  has  two  captains  of  industry  discussing 
what  to  do  about  the  fallout  from  corporate  scan¬ 
dals.  “We  are  seen  as  ethical  disasters,”  says  one 
of  them.  “How  are  we  going  to  rebuild  public  trust?”  In  a  flash  of 
brilliance,  the  other  answers:  “We  could  outsource  it!” 

Behind  the  sarcasm  there  lies  an  interesting  question:  When 
a  company  sheds  operations  through  outsourcing,  does  it  also 
shed  its  responsibility— ethical  and  otherwise— for  how  those 
operations  are  run?  Companies  today  rely  more  and  more  on 
partnerships  with  third  parties  for  everything  ranging  from 
supplies  and  manufacturing  to  product  design  and  distribution. 
In  this  so-called  extended  enterprise,  where  does  management’s 
responsibility  for  good  governance  begin  and  end? 

Lawyers  and  accountants  will  surely  have  an  answer  (or  sev¬ 
eral)  to  this  question,  based  on  their  reading  of  Sarbanes-Oxley 
and  other  regulations.  But  top  management’s  answer  should  go 
beyond  current  laws  and  professional  practices,  as  the  question 
also  relates  to  performance,  reputation  and,  yes,  even  ethics. 

Corporate  governance,  writ  large,  means  how  and  to  what 
ends  top  management  exercises  its  authority  and  influence. 
But  authority  over  what?  The  financial  statements  of  a  company 
begin  and  end  at  the  legal  boundaries  of  the  company’s  property. 
What  it  owns  or  controls  is  included;  what  it  doesn’t,  is  not. 
The  problem  is  that  partnerships  and  outsourcing  often  fall  in 
a  gray  zone— they  are  not  usually  owned  or  controlled  by  the 
company,  but  they  can  be  critical  to  its  economic  performance. 

In  effect,  the  economic  boundaries  of  the  company  stretch  well 
beyond  the  legal  boundaries.  And  it  is  this  broader  economic 
scope  of  operations  that  companies  should  govern  well,  not  just 


3  6 


OCTOBER  1,  2005  |  www.cio.com 


ILLUSTRATION  BY  ELIZABETH  LADA 


TVs*h 


* 


See  your  global  infrastructure  in  a  new  way. 


Most  applications  and  protocols  were  designed  to  run  locally.  Over  a  WAN,  they  grind  to  a  halt. 
That's  why  Riverbed  developed  a  solution  built  on  radically  new,  patent-pending  technology  that 
actually  delivers  LAN-like  performance  across  your  WAN.  Even  for  chatty  applications  that  can 
break  down  across  the  most  robust  networks. 

Riverbed's  proven  solution  allows  your  enterprise  to  consolidate  IT  infrastructure  at  the  data 
center,  optimize  your  bandwidth  usage,  and  still  deliver  applications  and  data  over  your  WAN  - 
at  speeds  that  make  remote  data  feel  local. 

Find  out  how  Riverbed  can  accelerate  your  business.  Visit 

www.riverbed.com/info/cio  to  download  your  copy  of 
the  analyst  white  paper  "Wide  Area  Data  Services"  today. 

Or  call  us  at  1 -87-RIVERBED  to  get  started  right  away. 


-  7Wi  Kiviiiticd  lerhiiology,  Inr  All  riglilv  reserved  Riverbed  leilnioloyy,  Riverbed,  Steelhead  oral  the  Riverbed  logo  Ore  trademarks  or  registered  liodemndcs  ol  Riverbed  technology,  Inc 


Ben  Gomes-Casseres  keynote 


I 


the  legally  defined  core.  Those  who  don’t,  risk  suffering  penal¬ 
ties— perhaps  not  legal  penalties,  but  penalties  no  less  in  their  per¬ 
formance,  their  brand  reputation,  or  in  the  public’s  perception  of 
their  ethical  integrity.  A  few  examples  will  illustrate  what  I  mean. 

Auto  Alliances:  Turbocharged  or  Stalled? 

Compare  the  tales  of  two  automotive  joint  ventures.  Such  ven¬ 
tures  are  common  ways  for  automobile  companies  to  extend 
their  reach  into  new  markets,  share  manufacturing  costs  and 
source  technology  abroad.  Toyota,  the  world’s  second-largest 
auto  company,  is  often  cited  for  the  critical  advantages  it  derives 
from  its  well-managed  network  of  external  suppliers. 

Not  so  for  General  Motors.  While  GM  has  had  foreign  joint 
ventures  and  sourcing  arrangements  since  the  1970s,  somehow 
it  never  got  the  hang  of  how  to  govern  assets  it  did  not  fully  own 
and  control.  Its  recent  failed  investment  in  Italy’s  Fiat  is  only  the 
latest  example  to  prove  this  point.  In  2000,  GM  paid  $2.4  bil¬ 


lion  for  a  20  percent  stake  in  Fiat,  with  the  aim  of  gaining 
access  to  Fiat’s  diesel-engine  technology  and  sharing  manu¬ 
facturing  costs  in  Europe.  But  their  efforts  in  managing  this 
joint  venture  were  ineffective,  and  within  two  years,  Fiat  was 
hemorrhaging  money.  After  difficult  divorce  proceedings,  with 
a  court  battle  looming,  GM  agreed  to  pay  $2  billion  to  terminate 
the  deal  in  2005.  Moody’s  Investors  Service  cited  this  costly  set¬ 
tlement  as  a  reason  for  downgrading  GM’s  credit  rating. 

Contrast  this  with  the  story  of  Renault  and  Nissan.  Like  GM, 
Renault  was  not  known  for  its  savvy  management  of  alliances. 
So  when  the  French  company  paid  $5  billion  for  37  percent  of  an 
almost-bankrupt  Nissan  in  1999,  most  observers  frowned.  But 
Renault  sent  a  top-flight  management  team  to  Japan,  headed 
by  Carlos  Ghosn,  a  French-educated  Brazilian  who  grew  up  in 
Lebanon,  and  launched  a  serious  effort  to  coordinate  opera¬ 
tions  between  the  companies.  Nine  cross-functional  teams, 
backed  by  cross-company  task  forces,  were  charged  with  reduc¬ 
ing  costs  at  Nissan,  promoting  global  integration  of  operations, 
and  reviving  lagging  product  development  and  sales.  Top  man¬ 
agement  of  the  two  companies  met  regularly  in  a  process  that 
engendered  mutual  trust.  Within  a  few  years,  Nissan  was  mak¬ 
ing  healthy  profits  and  boosting  Renault’s  share  price.  Ghosn 
was  promoted  to  CEO  of  Renault  and  became  a  superstar  in 
Japan— with  his  own  comic  book  character! 

Why  the  difference?  The  answer  is  no  doubt  complex,  and 
the  facts  hard  to  ascertain— companies  are  always  loath  to  talk 
honestly  about  their  failed  alliances.  But  we  know  that  more 
than  half  of  such  ventures  fail.  The  reasons  usually  lie  in  a 
combination  of  poor  up-front  design  and  poor  post-deal  man¬ 
agement.  In  the  case  of  GM  and  Fiat,  one  must  wonder  whether 
the  two  companies  really  had  much  to  add  to  each  other:  Both 


were  struggling  with  heavy  payrolls,  outdated  designs  and 
declining  market  positions.  Two  weak  companies  seldom  make 
a  strong  one.  It  seems  that  the  same  Fiat  management  remained 
in  place  after  the  deal  was  signed,  and  that  GM’s  contribution 
amounted  to  a  few  new  joint  projects.  This  was  evidently  not 
enough  to  pull  Fiat  out  of  the  red. 

A  poorly  governed  extended  enterprise  can  cost  the  company 
dearly.  The  cost  can  come  in  the  immediate  bottom  line,  as  for 
GM,  or  in  reputation,  which  can  be  just  as  important  in  the 
long  run.  Ford  and  Firestone  learned  this  lesson  the  hard  way. 

The  relationship  between  Ford  and  Firestone  goes  back  to  the 
birth  of  the  modern  automobile  industry.  In  those  days,  the  devo¬ 
tion  to  quality  and  innovation  of  each  generated  a  halo  effect  on 
the  other.  But  over  time  this  relationship  became  driven  more  by 
cost  concerns,  as  the  auto  and  tire  industries  turned  Fiercely  com¬ 
petitive.  In  the  summer  of 2000,  both  companies  were  put  on  the 
defensive  by  deadly  accidents  involving  Ford  Explorers  equipped 
with  Firestone  ATX  tires. 

Who  was  to  blame?  Was  it  the  tires  or  the 
vehicle?  Were  the  companies  aware  of  the 
risk?  Did  they  do  anything  about  it?  In  a 
sense,  the  precise  technical  answers  did  not  matter.  Both  com¬ 
panies  were  sued  by  consumers  and  by  state  governments. 
Both  eventually  settled  out  of  court.  And  both  took  a  hit  to 
their  reputations.  A  Flarris  Poll  of  corporate  reputation  found 
both  companies  near  the  bottom  of  a  list  of  60  major  companies 
in  2002,  just  above  Enron,  WorldCom  and  Adelphia.  To  be 
sure,  Ford  and  Bridgestone  (Firestone’s  parent)  both  have  since 
moved  up  in  subsequent  polls,  but  wounds  remain. 

Your  Partner’s  Reputation  Is  Your  Reputation 

Can  companies  avoid  such  hits  to  their  reputations  by  improving 
the  governance  of  their  relationships  with  external  parties?  The 
evidence  suggests  they  can.  In  the  airline  industry.  Star  Alliance, 
led  by  United  and  Lufthansa  and  including  14  other  members, 
aims  to  give  customers  a  seamless  global  service.  It  has  strict 
standards  of  service,  safety  and  customer  orientation  that  new 
members  must  meet  to  join  and  use  the  Star  logo  that  is  shared 
by  the  group.  The  group  knows  that  the  reputation  of  one  mem¬ 
ber  airline  can  help  or  hurt  the  reputation  of  the  others. 

Pharmaceutical  companies  have  taken  the  concern  with  rep¬ 
utation  one  step  further.  For  most  of  them,  good  relationships 
with  innovative  biotechnology  firms  can  be  a  key  source  of  new 
drugs.  As  a  result,  they  have  vied  with  each  other  to  be  seen  as 
“partner  of  choice,”  and  so  attract  the  most  promising  partners 
to  their  network.  Eli  Lilly,  for  example,  created  an  extensive 
alliance  management  organization  and  trained  its  professionals 
how  to  effectively  govern  these  sensitive  external  relationships. 
They  introduced  processes  and  practices  that  helped  Eli  Lilly 
communicate  better  with  its  partners  and  resolve  conflicts  more 
rapidly.  As  a  result,  Eli  Lilly  developed  a  reputation  for  good 
alliance  management  and  its  ranking  rose  in  industry  surveys 


A  poorly  governed  extended  enterprise 
can  cost  your  company  dearly. 


3  8 


OCTOBER  1,  2005  |  www.cio.com 


that  aim  to  measure  partner  attractiveness. 

Thus,  good  governance  of  the  extended  enterprise  can  gen¬ 
erate  both  better  performance,  and  better  reputation.  What 
about  corporate  ethics?  Where  does  management  responsibil¬ 
ity  for  ethical  behavior  begin  and  end? 

The  idea  of  outsourcing  social  responsibility  together  with 
outsourcing  manufacturing  is,  in  fact,  not  far-fetched.  But  it  sel¬ 
dom  works.  Early  in  the  controversy  around  dangerous  chem¬ 
icals  in  the  workplace,  Allied  Chemical  tried  to  distance  itself 
from  responsibility  for  dangerous  emissions  and  spills  at  a 
supplier  in  Hopewell,  Va.,  to  which  it  outsourced  production  of 
Kepone,  a  DDT-like  pesticide.  Public  outcry,  legal  suits,  and 
congressional  action  eventually  led  to  a  settlement,  and  to  strict 
new  industry  regulations. 

Nike,  too,  initially  distanced  itself  from  charges  of  child  labor 
and  unhealthy  conditions  at  its  suppliers  offshore  in  the  late 
1990s.  In  this  case,  the  risk  to  its  brand  image  no  doubt  helped 
lead  to  a  change  of  heart.  Today,  Nike  periodically  produces  an 
extensive  corporate  responsibility  report  that  reviews  working 
conditions  at  all  its  suppliers.  “Corporate  responsibility  chal¬ 
lenges  us  to  take  a  good,  hard  look  at  our  business  model,  and 
understand  our  impact  on  the  world  around  us,”  concludes 
Nike’s  2004  report.  Evidently,  its  leaders  have  come  to  believe 


that  their  responsibility  for  good  governance  extends  well 
beyond  the  boundaries  of  their  firm. 

The  lessons  from  Ford,  GM,  Nike  and  others  do  not  apply 
only  to  their  industries.  In  fact,  technology  and  service  com¬ 
panies  are  just  as  exposed  to  the  risks  of  poor  governance  of 
their  extended  enterprise,  if  not  more  so.  Outsourcing  of  pro¬ 
duction,  design  and  marketing  has  gone  further  in  technology 
and  service  industries  than  elsewhere.  With  that  trend  comes 
the  risk  that  a  delegation  of  operational  tasks  will  become  con¬ 
fused  with  abdication  of  responsibility. 

In  this  sense,  the  term  “outsourcing”  is  an  unfortunate  one. 
With  every  outsourced  task,  comes  a  new  responsibility  to 
govern  that  task  properly.  The  burden  of  manufacturing  a  part 
or  running  a  call  center  of  course  is  shifted  outside  the  company. 
But  the  responsibility  for  managing  the  supplier  and  for  ensur¬ 
ing  customer  satisfaction  doesn’t  budge.  Denying  this  amounts 
to  governance  myopia.  BE] 


Ben  Gomes-Casseres  is  a  professor  at  Brandeis 
University's  International  Business  School.  He  also 
consults  on  alliance  management  and  is  coauthor 
of  the  book  Mastering  Alliance  Strategy.  He  can  be 
reached  at  ben@alliancestrategy.com. 


He  keeps  changing  the  color  on  me.  First  it's  red. 
Then  he  wants  blue.  The  guy's  like  a  chameleon. 


— 


Ricoh  dependability  moves  your  ideas  forward. 


ricoh-usa.com 

©2005  Ricoh  Corporation. 


RICOH 


Tom  Davenport 


COMPETITIVE  ADVANTAGE 


More  and  more  companies  are  using  analytics  to  drive  their  decision-making  processes. 
But  there’s  a  right  and  a  wrong  way  to  do  it. 


The  world  is  becoming  more  analytical.  Even 
Lawrence  Summers,  the  president  of  Harvard,  who 
got  into  such  big  trouble  recently  for  making  sweep¬ 
ing  statements  about  women  in  science,  got  this  one 
right.  At  a  Harvard  School  of  Public  Health  conference,  Summers 
said,  “I  suspect  that  when  the  history  is  written  200  years  from 
now,  it  will  emerge  that  something  very  important  happened  in 
human  thinking  during  the  time  when  we  were  alive,  and  that 
is  that  we  are  becoming  rational,  analytical  and  data-driven  in  a 
far  wider  range  of  activity  than  we  ever  have  been  before.” 

Ah  yes,  you  say.  You  may  not  have  thought  about  it  this  way, 
but,  in  fact,  you  know  something  of  this  territory.  Business 
intelligence.  Statistics,  decision  support  and  all  that.  It  may 
strike  you  as  a  little  nerdy,  but  you’d  undoubtedly  grant  busi¬ 
ness  analytics  a  place  in  the  pantheon  of  IT  applications. 

But  in  some  organizations,  analytics  are  in  first  place. 
They’re  actually  becoming  the  primary  driver  of  strategy  and 
competitive  advantage.  Analytics  and  quantitative  decisions 
are  being  used  to  optimize  business  processes— to  identify 
the  best  customers,  select  the  ideal  price,  calculate  the  best 
supply  chain  routing  or  pick  the  best  person  to  hire.  Some 
companies,  organizations  and  sports  teams  are  clearly  com¬ 
peting  on  analytics. 

In  his  conference  speech.  Summers  mentioned  baseball 
and  in  particular  the  Oakland  A’s  as  examples  of  creeping 
analytical  orientation.  In  Boston,  we’re  more  excited  about  the 
Red  Sox  and  the  Patriots,  both  of  which  have  done  pretty 
well  of  late.  The  Red  Sox,  in  case  you  need  reminding,  won  the 
World  Series  last  year  for  the  first  time  in  86  years.  They 

Continued  on  Page  44 


40 


OCTOBER  1,  2005  |  www.cio.com 


ILLUSTRATION  BY  OTTO  STEININGER 


ILLUSTRATION  BY  CARY  HENRIE 


I  N  T  E  G  R  I  E  N 


ADVERTISING  SUPPLEMENT 


INFRASTRUCTURE 


Integrity  Management  Can 
Find  the  Upended  Lamp  In 
Your  IT  Infrastructure 
Before  Profits  Burn  Down 


N  FIGHTING  AN  ORDINARY  FIRE, 

response  time  is  all  and  root  cause  mat¬ 
ters  only  in  arson  cases.  Knowing  Mrs. 
O’Leary’s  cow  was  the  root  cause  would 


not  have  helped  dowse  the  Great  Chicago  Fire. 


Not  so  for  firefighting  in  IT,  where  an  astonishing  80 
percent  of  time  resolving  a  problem  must  be  spent  track¬ 
ing  down  its  cause.  When  IT  infrastructure  is  concerned, 
fires  seem  to  burn  everywhere  at  once  until  you  right  the 
kicked-over  lamp. 

And  while  time  to  IT  problem  resolution  is  a  reason¬ 
able  business  concern,  reducing  the  risk  of  a  cow  kicking 
over  a  lamp  unnoticed  is  the  best  practice. 

In  today’s  rush  to  improve  IT  processes,  it’s  a  good 
thing  to  keep  Mrs.  O’Leary’s  cow  in  mind.  IT  process 
improvement  needs  to  focus  on  reducing  the  risk  of  prob¬ 
lems  going  undiagnosed  until  the  fire  is  blazing,  and  then 
on  finding  root  cause. 

And  that  means  the  best  route  to  effective  IT  process 
improvement  is  integrity  management. 


Holistic  Approach  Required 

Integrity  management  succeeds  because  it  covers  IT  infra¬ 
structure  from  end  to  end.  No  matter  where  cows  can  kick 
over  lamps  in  today’s  complex  distributed  infrastructures, 
integrity  management  provides  visibility. 

More  critical  is  that  today’s  IT  infrastructures  are 
interdependent.  To  continue  the  metaphor:  Watching 
one  cow  to  see  if  she’s  stampeding  won’t  tell  you  if  there’s 


Custom  Publishing 


a  problem.  It  all  depends  on  how  the  cow  is  moving  in  relation  to  the  rest  of 
the  herd  (i.e.,  are  individual  metrics  aligned  or  diverging  abnormally). 

To  bring  this  out  of  the  realm  of  cows  and  back  to  IT  reality,  the  conven¬ 
tional  wisdom  of  managing  only  important  infrastructure  elements  in  isola¬ 
tion  is  failing.  Doing  so  misses  the  interdependencies  that  help  pinpoint  ele¬ 
ments  that  are  outside  normal  behavior.  You  also  lack  integrity  management’s 
ability  to  track  back  to  the  root  cause  of  the  problem.  Integrity  management 
is  thus  a  fast  track  to  progress  on  Gartner’s  highly  regarded  IT  Maturity 
Model,  which  moves  from  IT  components  being  managed  in  isolation  to  the 
nirvana  of  Level  4,  in  which  IT  infrastructure  and  the  business  processes  that 
depend  on  it  are  viewed  holistically.1 


1.  Gartner,  “Gartner  Poll  Suggests  IT  Management  Processes  Aren't  Maturing",  Debra  Curtis  and  Cameron  Haight,  April  2005. 


I  N  T  E  G  R  I  E  N 


ADVERTISING  SUPPLEMENT 


INFRASTRUCTURE 


“Put  in  a  solution  that  can  find  the  root  cause  of  problems  and 
deliver  three-month  payback.  What  would  otherwise  be  a  vague 
process  improvement  project  becomes  a  vivid  success.” 

—  AL  EISAIAN,  CEO  AND  PRESIDENT  OF  INTEGRIEN  CORP. 


Maturity  Matters 

The  IT-specific  benefits  of  a  disciplined 
march  up  the  maturity  levels  of  Gartner’s 
model  are  dear.  According  to  Deb  Curtis, 
Research  VP  with  Gartner,  “Business 
processes  heavily  dependent  on  IT  require  a 
minimum  of  Level  3  IT  management 
process  maturity  to  have  necessary  levels  of 
confidence  in  their  dependent  IT  services. 
Moreover,  moving  to  Level  3  offers  not  only 
improved  quality  of  service,  but  also  lower 
labor  costs.” 

The  question  is,  how  does  one  imple¬ 
ment  a  process  improvement  project  to  reap 
those  benefits?  The  first  step,  according  to  Al 
Eisaian,  CEO  and  president  of  Integrien 
Corp.,  in  Irvine,  Calif.,  is  to  implement  a 
management  tool  that  provides  a 
holistic  view  of  your  transactions 
through  your  infrastructure  and 
helps  you  find  the  root  cause  of 
problems.  Predicting  and  prevent¬ 
ing  problems,  the  ultimate  best 
practice,  can  wait  until  your 
organization  is  ready  for  it. 

Overcome  Silo  Vision 

For  example,  a  global  communi¬ 
cations  company  based  in  Europe 
got  a  reality  check  on  its  holistic 
vision  when  the  CEO  called  a 
company  data  center  in 
California.  Why,  he  asked,  did  the  world¬ 
wide  CRM  application  go  down?  The  call 
was  the  first  the  data  center  knew  of  the 
problem,  whereas  executive  staff  was 
painfully  aware  because  they  were  massag¬ 
ing  detailed  information  for  a  sales  refore¬ 
cast.  With  the  steady  glare  of  top  manage¬ 
ment  on  them,  IT  specialists  in  charge  of 
each  component  type  gathered  to  trou¬ 
bleshoot,  all  convinced  that  the  problem 
wasn’t  in  their  silo.  But  nobody  could 
answer  this  simple  question:  What  specific 
elements  in  the  IT  infrastructure  actually 
supported  CRM?  They  eventually  drew  an 
approximate  map  and  painstakingly  corre¬ 
lated  the  data  from  their  element  managers 
to  eventually  find  the  root  cause  and  get  the 
wounded  application  up  and  running,  but 


only  after  much  delay  and  expense. 

IT  leaders  who  find  this  story  familiar 
will  likely  end  up  ranking  their  organiza¬ 
tions  on  the  lower  end  of  the  IT  Maturity 
Model,  which  is  characterized  by  ad  hoc 
firefighting — and  they  will  be  in  good  com¬ 
pany.  Experts  have  estimated  that  anywhere 
from  60  to  85  percent  of  IT  organizations 
are  either  chaotic  or  reactive,  and  a  May 
2005  Gartner  poll  suggests  the  road  to 
improvement  is  steep.1 

Once  IT  leaders  know  where  their  organ¬ 
ization  stands,  they  can  bring  in  an  integrity 
management  tool  to  make  immediate,  tar¬ 
geted  progress  against  IT  problems. 

Generic,  unfocused  business  process 
improvement  projects  tend  to  be  multiyear 


in  scope.  The  CIO  finds  it  difficult  to  com¬ 
municate  the  urgency  of  the  need  or  the 
immediate  good  news  required  to  build 
enthusiasm  and  garner  the  ongoing  internal 
support  the  project  needs. 

“Put  in  a  solution  that  can  find  the  root 
cause  of  problems  just  days  after  installa¬ 
tion.  Attach  three-month  payback  to  what 
would  otherwise  be  a  vague  process 
improvement  project.  It’s  the  only  way  to 
guarantee  you’ll  get  IT  out  of  firefighting 
mode,”  says  Eisaian. 

The  Advantage  of  Alive 

Integrien  Alive  is  a  market-leading  integrity 
management  tool  that  discovers  transaction 
paths  through  a  distributed  infrastructure, 
gathers  the  relevant  interdependent  metrics 


from  end  to  end  and  uses  an  advanced  ana¬ 
lytics  engine  to  understand  causal  relation¬ 
ships  in  IT  infrastructure.  After  a  one-day 
installation  and  configuration,  Alive  can 
start  finding  the  root  cause  of  problems 
without  requiring  IT  staff  to  write  rules. 

Further,  Alive  builds  a  comprehensive 
understanding  of  what’s  normal  for  each 
organization’s  systems  based  on  end-to-end 
system  load  and  past  behavior.  Patent- 
pending  analysis  techniques  then  note  mean¬ 
ingful  deviations  from  that  norm  and  start  to 
predict  looming  IT-based  problems  before 
they  impact  business  processes.  By  predicting 
problems  and  pointing  to  their  root  cause, 
Alive  at  the  least  reduces  mean-time  to  prob¬ 
lem  resolution  and  in  the  best  case  keeps 
from  disturbing  the  business  side 
of  the  organization  entirely. 

As  a  result,  the  calls  from  the 
CEO  about  the  CRM  system 
being  down  become  less  frequent 
and  then  stop.  It’s  like  seeing 
when  a  cow  like  Mrs.  O’Leary’s 
has  kicked  over  the  lantern  and 
having  the  ability  to  put  out  the 
fire  before  it  spreads. 

Alive  Helps  Baxter 

“Alive  was  able  to  alert  us  to  prob¬ 
lems  earlier  than  our  other  tools, 
even  catching  problems  our  other 
tools  missed,”  says  Robert  Simpson,  the 
manager  of  web  hosting  infrastructure  at 
Baxter  Healthcare,  in  Deerfield,  Ill. 

As  a  result  of  implementing  Alive,  service 
levels  of  applications  improve,  the  business 
gains  a  view  into  the  subset  of  IT  infrastruc¬ 
ture  that  supports  specific  business  transac¬ 
tions  and  processes,  and  IT  managers  more 
easily  justify  IT’s  value  to  the  business. 

“At  the  end  of  the  day,  the  business  once 
again  believes  that  it  can  and  should  count 
on  IT  for  day-to-day  needs  and  strategic 
advantage,”  says  Eisaian. 

Integrien’s  bottom  line  is  a  promise  of 
integrity:  Integrien  Alive  means  the  business 
can  count  on  IT.  And  that,  ultimately,  trans¬ 
lates  to  a  business  that  works  better  and 
smarter,  http://www.integrien.com  • 


■  Undocumented 

•  Unpredictable 

•  Multiple  help  desks 

■  Minimal  IT  operations 

•  User  call  notification 


Level  1 


Reactive 


•  Fight  fires 

•  Inventory 

•  Desktop  sw 
distribution 

•  Initiate  problem 
mgmt.  process 

•  Alert  and  event  mgmt 

•  Measure  component 
availability  (up/down) 


Level  2 


Proactive 

•  Analyze  trends 

•  Manual  thresholds 

*  Predict  problems 

*  Measure  application 
availability 


Mature  problem, 
configuration, 
change, asset  and 
performance  mgmt. 
process 


Level  3 


Service 

•  IT  as  a  service 
provider 

•  Define  services, 
classes,  pricing 

•  Understand  costs 

•  Guarantee  SLAs 

•  Measure  and  report 
service  availability 

•  Integrate  processes 

•  Capacity  mgmt. 


Level  4 


Value 

•  IT  as  a  strategic 
business  partner 

•  IT  and  business 
metric  linkage 

•  ITfbusiness 
collaboration  improves 
business  process 

•  Real-time 
infrastructure 

'•  Business  planning 


Sendee  and  Account  Management 
Service  Delivery  Process  Engineering 


Operational  Process  Engineering 


Tool  Leverage 


Gartner’s  IT  Maturity  Model1 


How  do  you  make  short-term  cuts  without  losing  the  long¬ 
term  view?  What  are  the  rules  of  smart  IT  spending?  How 
do  you  fund  innovations  during  hard  times?  Turn  to  the  CIO 
FOCUS™  on  I.T.  COST  CONTROL:  SMARTER  SPENDING 
STRATEGIES  FOR  TIGHT  TIMES-actionable  information  cre¬ 
ated,  filtered  and  packaged  by  the  award-winning  editors  of 
CIO  magazine. 

CIO  FOCUS™  is  delivered  right  to  your  desktop,  giving  you 
immediate  access  to  the  information  you  need.  And  for  your 
future  reference  needs,  the  electronic  file  is  followed  by  a 
packaged  version,  shipped  within  72  hours. 


CIO  FOCUS™ 

STRATEGIC  GUIDES  FOR  EXECUTIVE  DECISION  MAKING 


CIO  FOCUS™ 

TOPICS  AVAILABLE: 

IT  Value:  Measurement  Tools 
and  Techniques  That  Work 

Software  Vendor  Relationships: 
Selecting,  Vetting  and 
Managing  Partners 

Fundamentals  of  the  CIO  Role 

Applied  Wireless:  Making 
Wireless  Work  in  Business 


The  Resource 
for  Information 
Executives 

'  _  .Jkyf* 

'  •  u-' 


FOR  EXECUTIVE  DECISION-SUPPORT  TOOLS,  VISIT  THE  CIO  STORE-THE  CIO’S  KNOWLEDGE  MARKETPLACE. 

www.TheCIOStore.com 


Define  Your  Open  Enterprise. 

What  does  Open  mean  to  you?  Community?  Security? 
Risk?  Reward?  Can  it  leverage  legacy  systems? 
Consolidate  and  simplify?  Do  you  believe  in  its  power 
and  potential? 

Introducing  Novell  software  for  the  open  enterprise 
—  the  only  software  that  makes  Open  work  for  you. 
From  desktop  and  data  center  to  identity  manage¬ 
ment,  resource  management  and  collaboration,  our 
flexible  combination  of  open  source  and  commercial 


software  delivers  more  than  you  ever  imagined.  The 
power  to  manage  IT  assets  and  effort  automatically. 
Freedom  from  single  vendor  lock-in.  Security  that  keeps 
the  right  information  safe  and  the  right  people  informed. 
And  the  ability  to  connect  people  to  performance  and 
business  to  possibilities.  So  you  can  build  an  open 
enterprise  that  makes  sense  for  you  —  and  your  future. 
This  is  Novell  software  for  the  open  enterprise.  The 
Open  you’ve  wanted  all  along. 


Novell. 

This  is  your  open  enterprise. 

www.novell.com 


Copyright  ©  2005  Novell,  Inc.  All  Rights  Reserved.  Novell,  the  Novell  logo,  ZENworks  and  GroupWise  are  registered  trademarks;  SUSE  is  a 
trademark  ol  Novell,  Inc.  in  the  United  States  and  other  countries.  All  third-party  trademarks  are  the  property  of  their  respective  owners. 


Tom  Davenport 


COMPETITIVE  ADVANTAGE 


; 


Continued  from  Page  40 

borrowed  some  ideas  from  the  A’s  about  analytical  player 
selection  and  on-field  decision  making,  and  combined  them 
with  a  good  deal  of  money. 

The  Patriots  have  managed  to  win  the  Super  Bowl  three 
times  in  the  past  four  years— also  with  an  analytical 
approach.  The  team  uses  data  and  analytical  models  exten¬ 
sively,  both  on  and  off  the  field.  In-depth  analytics  help  the 
team  select  players  and  stay  below  the  NFL  salary  cap.  Patri¬ 
ots  coaches  and  players  are  renowned  for  their  extensive 
study  of  game  film  and  statistics,  and  Head  Coach  Bill 
Belichick  reads  articles  by  academic  economists  on  statistical 
probabilities  of  football  outcomes.  Off  the  field,  the  team  uses 
detailed  analytics  to  assess  and  improve  the  “total  fan  expe¬ 
rience.”  At  every  home  game,  for  example,  20  to  25  people 
have  specific  assignments  to  make  quantitative  measure¬ 
ments  of  the  stadium  food,  parking,  personnel,  bathroom 
cleanliness  and  other  factors. 

Success  Through  Analytics 

More  important,  there  are  many  companies  competing  on  the 
basis  of  data,  models  and  prediction,  and  many  have  been  fan¬ 
tastically  successful  with  this  strategy.  Wal-Mart,  of  course, 
uses  vast  amounts  of  data  and  category  analysis  to  dominate 
retail.  Harrah’s  has  changed  the  basis  of  competition  in  the 
gaming  industry  from  building  megacasinos  to  analytics 
around  customer  loyalty  and  service.  Amazon  and  Yahoo  aren’t 
just  e-commerce  sites;  they  are  extremely  analytical  and  follow 
a  “test  and  learn”  approach  to  business  changes.  Capital  One 
runs  more  than  30,000  experiments  a  year  to  identify  desirable 
customers  and  price  credit  card  offers. 

In  a  recent  study  sponsored  by  SAS  and  Intel,  a  couple  of  col¬ 
leagues  (Don  Cohen  and  A1  Jacobson)  and  I  contacted  32  organ¬ 
izations  that  were  pursuing  some  analytical  activity.  Some  were 
using  analytics  in  the  time-honored  fashion— that  is,  spottily 
and  in  pockets.  They  had  an  actuary  here,  a  supply  chain  simu¬ 
lator  there.  As  one  manager  of  an  analytics  group  put  it,  “In  the 
past  we  were  like  the  Aleutian  Islands— our  analytical  activities 
covered  a  lot  of  territory,  but  they  didn’t  attract  much  notice.” 

A  third  of  them,  however,  were  competing  on  analytics  at  the 
highest  level.  They  captured  and  managed  lots  of  transaction 
data  and  had  a  culture  of  fact-based  decision  making.  They 
were  using  analytics  in  multiple  functional  areas;  they  were 
using  sophisticated  statistical  analysis  and  predictive  model¬ 
ing,  and  managing  business  intelligence  at  the  enterprise  level. 
But  there  was  one  more  attribute  of  analytical  competition  that 
truly  set  these  organizations  apart. 

Buy-In  from  the  Boss 

The  key  factor  in  successfully  competing  on  analytics  in  our 
study  was  a  strong  pull  from  senior  executives.  Analytical 
resources  such  as  business  intelligence  software  won’t  change 
anything  within  an  organization  unless  executives  insist  that 


analytics  drive  business  strategy.  Decision  making  based  on 
data,  facts  and  complex  statistics  doesn’t  just  evolve.  It  requires 
substantial  changes  in  culture  and  behavior  that  must  be  driven 
from  the  top. 

In  the  companies  we  found  that  were  competing  on  analyt¬ 
ics,  the  CEO  was  not  only  a  supporter,  he  was  a  cheerleader.  Jeff 
Bezos  at  Amazon,  for  example,  states  publicly  that  he  and  his 
executives  frequently  pursue  analysis  and  fact-based  deci¬ 
sions.  Amazon  does  detailed  empirical  analysis  on  such  ques- 

While  analysts  from  India 
and  China  are  increasingly 
available,  it's  unlikely  that 
they  will  know  your  business 
as  well  as  local  talent. 

tions  as  whether  it  should  advertise  on  TV  (no),  or  whether  it 
can  sell  commodities  at  closeout  prices  at  the  bottom  of  its  web¬ 
page  (yes).  Gary  Loveman  at  Harrah’s  has  written  articles  about 
the  virtues  of  evidence  over  intuition.  As  Malcolm  Gladwell 
points  out  in  Blink,  intuition  can  be  valuable— but  not  when 
deciding  the  ideal  price  to  offer  on  a  hotel  room  to  a  frequent 
gambler  on  New  Year’s  Eve  in  Las  Vegas. 

In  addition  to  setting  the  analytical  tone,  the  CEO  also 
establishes  the  focus.  Several  executives  told  us  that  it’s 
important  to  maintain  a  strategic  focus  for  analytical  activity. 
Capital  One  flirted  briefly  with  the  idea  of  selling  flowers 
and  cell  phones,  but  using  analytics,  the  bank  decided  to 
restrict  itself  to  consumer  financial  services  such  as  car  loans 
and  CDs.  Perhaps  not  coincidentally,  it  has  become  the  sixth- 
largest  credit  card  provider  in  terms  of  loans,  and  has  grown 
earnings  per  share  by  over  20  percent  in  each  of  its  10  years 
as  a  public  company. 

How  to  Build  Demand  and  Supply 

If  you  believe  in  the  power  of  analytics  but  your  CEO  and  exec¬ 
utive  team  just  don’t  get  it,  there  are  some  ways  you  can  begin 
to  build  demand.  One  is  to  simply  familiarize  the  organiza¬ 
tion  with  the  data  available.  Shaygan  Kheradpir,  CIO  of  Veri¬ 
zon,  is  attempting  to  increase  executive  demand  in  this  fashion. 
He  created  a  scorecard  in  which  hundreds  of  performance  met¬ 
rics  of  various  types  are  broadcast  to  PCs  around  the  com¬ 
pany,  each  occupying  the  screen  for  15  seconds.  The  idea  is  to 
get  everyone— not  just  senior  executives— focused  on  infor¬ 
mation  and  what  it  means  to  Verizon’s  performance,  and  to 
encourage  employees  at  all  levels  to  address  any  issues  that 
appear  in  the  data. 

Another  IT  organization  in  a  pharmaceutical  company  we 
studied  doesn’t  have  much  demand  yet,  but  is  trying  to  stimu¬ 
late  it  by  following  up  after  any  hint  of  interest  from  execu- 


44 


OCTOBER  1,  2005  |  www.cio.com 


missing?” 

(Words  you  never  want  to  say.) 

Lose  track  of  an  important  backup  tape  and 
you  just  might  find  the  regulators  at  your  door. 
That’s  why  14  of  the  top  20  global  securities 
firms  rely  on  ZANTAZ  Digital  Safe™  to  comply 
with  the  records  retention,  retrieval,  and 
supervision  requirements  of  Sarbanes-Oxley, 
SEC  17a-4,  and  many  other  regulations.  As 
the  industry’s  leading  compliance  archiving 
solution,  ZANTAZ  Digital  Safe  delivers  secure 
and  immediate  online  access  to  your  data  and 
substantial  savings  to  your  bottom  line. 

Looking  for  a  compliance  solution?  Just  say 
the  word  at  800.636.0095  or  visit  us  online. 

Be  safe,  www.zantaz.com/digitalsafe 


ZANTAZ* 

Trusted.  Proven. 


©  2005  ZANTAZ,  Inc.  All  rights  reserved. 


Tom  Davenport  competitive  advantage 


tives.  For  example,  a  marketing  manager  discovered  software 
tools  that  showed  how  sales  data  could  be  displayed  graphically 
in  terms  of  geography  on  an  interactive  map.  The  company’s  IT 
executives  seized  upon  his  interest  and  offered  him  some  related 


viduals  with  not  only  heavy  quantitative  skills  but  also  the 
ability  to  speak  the  language  of  the  business  and  market  their 
work  to  internal  customers.  This  company  believed  that  the 
relational  aspect  of  the  job  made  it  difficult  to  outsource  or 


Most  of  the  companies  we  interviewed  took  at  least  five  years  to 
develop  their  analytical  capabilities  sufficiently  to  compete 

on  that  basis. 


geographically  oriented  analytical  capabilities  so  that  he  could 
identify  underserved  territories  and  plan  the  geographical 
spread  of  new  hires.  These  IT  managers  wisely  refuse  to  wait 
until  more  analytically  oriented  senior  executives  happen  to 
arrive  at  the  company. 

The  Right  Talent  Makes  a  Difference 

Supplying  the  right  kind  of  hardware  environment  and  ana¬ 
lytical  software  is  typically  easier  to  address  than  creating 
demand,  but  just  as  important.  While  good  data  from  trans¬ 
actional  systems  is  increasingly  available  and  analytical  tech¬ 
nology  has  become  easier  to  use,  companies  that  compete  on 
analytics  still  require  people  with  substantial  quantitative 
skills— either  in-house  or  contracted  from  outside.  The  sta¬ 
tistical  expert,  in  order  to  be  useful,  will  also  need  to  be  famil¬ 
iar  with  the  business  problems  in  the  function  and  industry; 
the  quantitative  skills  of  a  good  analyst  are  rarely  equally 
applicable  across  diverse  businesses.  One  pharmaceutical 
company,  for  example,  attempted  to  use  several  bioinformat¬ 
ics  experts  to  pursue  analysis  of  commercial  problems  in  mar¬ 
keting  and  operations,  and  found  that  they  were  neither 
motivated  nor  expert  at  the  applications.  Similarly,  while  sta¬ 
tistical  analysts  from  India  and  China  are  increasingly  avail¬ 
able  from  offshore  outsourcing  vendors,  it’s  unlikely  that  they 
will  know  your  business  well. 

Indeed,  several  companies  we  interviewed  stressed  the  impor¬ 
tance  of  a  close  and  trusting  relationship  between  quantitative 
analysts  and  decision-makers.  The  need  is  for  statistical  experts 

who  also  understand  the  busi¬ 
ness  in  general,  and  the  partic¬ 
ular  business  need  of  a  specific 
decision-maker.  As  one  man¬ 
ager  at  Wachovia  Bank  put  it, 
“We  are  trying  to  build  our  peo¬ 
ple  as  part  of  the  business  team; 
we  want  them  sitting  at  the 
business  table,  participating  in 
a  discussion  of  what  the  key  issues  are,  determining  what  infor¬ 
mation  needs  the  business  people  have  and  recommending 
actions  to  the  business  partners.” 

A  consumer  products  company  we  interviewed  hires  what 
it  calls  “PhDs  with  personality”  for  its  analytical  group— indi¬ 


Add  a  Comment 


Restaurants,  particularly  the  big 
chains,  have  also  made  analytics  work 
to  their  advantage.  To  read  about  “The 
Brain  Behind  the  Big,  Bad  Burger  and 
Other  Tales  Of  Business  Intelligence,” 
go  to  www.cio. com/031505 

cio.com 


take  offshore.  To  find  these  people  and  develop  these  types  of 
relationships  would  surely  be  much  more  difficult  in  an  out¬ 
sourcing  situation,  and  virtually  impossible  with  analysts  half 
a  world  away  from  the  decision-makers. 


How  Do  You  Know  When  You’re  There? 

There  are  several  indications  that  a  company  is  competing  on 
analytics: 

■  THE  CEO  HAS  AN  ANALYTICAL  BACKGROUND.  Harrah’s 
Loveman  was  a  business  school  professor  and  has  an  MIT 
PhD.  Amazon’s  Bezos  was  an  A-plus  student  in  electrical  engi¬ 
neering  and  computer  science  at  Princeton.  When  the  CEO  or 
vice  chair  of  a  company  is  a  rocket  scientist,  it’s  a  good  bet  that 
there  will  be  other  scientists  on  the  payroll. 

■  NOBODY’S  ASKING  ABOUT  THE  ROI  FOR  EACH  LITTLE 


I N IT1  ATI  VE.  What’s  at  stake  in  analytical  competition  is  not  an 
application,  but  a  corporate  strategy.  If  the  analytical  activities 
are  succeeding,  they  will  be  manifested  not  in  ROI  calcula¬ 
tions,  but  in  revenue  and  profits. 


■  THE  COMPANY  IS  VERY  SUCCESSFUL.  Certainly  there  are 
industries  (for  example,  U.S.  domestic  airlines)  where  a  lot  of 
analytics  don’t  seem  to  be  the  critical  success  factor.  It  isn’t  with 
Southwest.  But  the  great  majority  of  highly  analytical  compa¬ 
nies  that  we  studied  are  leaders  in  their  industries  and  making 
lots  of  money. 

As  more  analytically  trained  managers  enter  the  work¬ 
force,  it’s  likely  that  analytical  competition  will  become  more 
common  and  intense.  However,  this  capability  can’t  be  devel¬ 
oped  overnight.  Most  of  the  companies  we  interviewed  took 
at  least  five  years  to  develop  their  analytical  capabilities  suf¬ 
ficiently  to  compete  on  that  basis,  and  a  couple  of  very  suc¬ 
cessful  companies  (including  Procter  &  Gamble  and  Mars) 
had  been  pursuing  analytics  for  several  decades.  Assembling 
the  right  data,  finding  and  using  the  right  tools,  and  devel¬ 
oping  the  right  relationships  between  analysts  and  decision¬ 
makers  all  take  time.  Therefore,  it  makes  sense  to  start  pulling 
them  together  now.  History  seems  to  be  on 
the  side  of  the  numbers.  HEJ 

Tom  Davenport  is  professor  of  IT  and  management  at 
Babson  College  and  an  Accenture  Fellow.  He  can  be 
reached  at  tdavenport@babson.edu. 


46 


OCTOBER  1,  2005  |  www.cio.com 


BOARD  OF  ADVISERS  '05 


CIO  wishes  to  acknowledge  the  2005  Editorial  Advisory  Board  members  for  their  ongoing 
guidance  and  reality  check  of  the  magazine’s  content  and  focus.  We  thank  them  for  their 
generosity  in  sharing  their  insight  into  the  world  of  IT  leadership. 


GREGOR  BAILAR 

CIO 

Capital  One 
Falls  Church,  Va. 

DOUG  BARKER 

CEO 

Barker  and  Scott 
Consulting 
Washington,  D.C. 

WAYNE  D.  BENNETT 

Partner 

Bingham  McCutchen 
Boston 

LARRY  BONFANTE 

CIO 

United  States  Tennis 
Association 
White  Plains,  N.Y. 


DENNIS  CALLAHAN 

EVP  &  CIO 
The  Guardian  Life 
Insurance  Co. 

New  York  City 

SHEILA  DONAHOE 

CIO 

Bluegreen 
Boca  Raton,  Fla. 

MICHAEL  EARL 

Professor  of  Information 
Management,  Dean  of 
Templeton  College 
Oxford  University 
Oxford,  England 

PAUL  J.  GAFFNEY 

EVP,  Supply  Chain 
Staples 

Framingham,  Mass. 


ANDY  GEISSE 

CIO 

SBC  Communications 
Inc. 

San  Antonio 

JOHN  GLASER 

VP  &  CIO 

Partners  Healthcare 
Boston 

SCOTT  HEINTZEMAN 

CIO 

Carlson  Marketing 
Group 

Plymouth,  Minn. 

C.  LEE  JONES 

Chairman,  President 
\  &CEO 
Essential  Group 
Gurnee,  Ill. 


SUSANS.  KOZIK 

EVP  &  CTO 
TIAA-CREF 
New  York  City 

BUD  MATHAISEL 

Corporate  VP  &  CIO 
Solectron 
Milpitas,  Calif. 

RON  J.  PONDER,  PhD 

EVP&CIO 
WellPoint  Inc. 
Indianapolis 

SHELEEN  QUISH 

VP,  Corporate 
Marketing  &  Global 
CIO 

U.S.Can 
Lombard,  Ill. 


REBECCA  R.  RHOADS 

CIO 

Raytheon 
Lexington,  Mass. 

LARAINE  RODGERS 

President 

Arizona  Partnership 
for  Higher  Education 
and  Business 
Scottsdale,  Ariz. 

JAMES  F.  SUTTER 

Senior  Partner 

The  Peer  Consulting 

Group 

Newport  Beach, 

Calif. 

RICHARD  W. 
SWANBORG  JR. 

President 

ICEX 

Boston 


PATRICIA 

WALLINGTON 

President 
CIO  Associates 
University  Park,  Fla. 

ROBERT  P.  WEIR 

VP,  Information 

Services 

Northeastern 

University 

Boston 

STEVE  WILLIAMS 

SVP&CIO 
Mattress  Giant 
Addison,  Texas 


I  wish  everything  was  as  dependable 
as  a  Ricoh  MFP. 


Ricoh  dependability  moves  your  ideas  forward. 


ricoh-usa.com 

©2005  Ricoh  Corporation. 


RICOH 


IBM  eServer™  xSeries' 


PAY  MORE  ATTENTION  TO  SERVERS 
BEFORE  YOU  BUY  THEM.  1 

SO  YOU  CAN  PAY  LESS  ATTENTION 


Affordable,  reliable,  easy  to  manage:  eServer  xSeries  with  Intel®  Xeon™  Processors 


IBM  eServer  xSeries  226  Express 


IBM  eServer  xSeries  346  Express 


IBM  eServer  xSeries  366  Express 


0 

H — * 

C 

0 

o 

0 

~o 

m 

0 

> 

0 

CO 

0 


Flexible  and  easy  to  use 


IBM  eServer  BladeCenter  HS20  Expre: 


An  entry-level  server  that  offers 
the  reliability  and  performance 
needed  for  business-critical 
computing.  Easy  set  up,  deploy¬ 
ment,  and  access  to  ali  major 
system  components. 

System  features 

Up  to  two  Intel  Xeon 
Processors  3GHz/2MB 
Two-way  tower  with 
rack  capability 
Up  to  7  hot-swappable 
SCSI  hard  disk  drives 
Two  73GB  HS  SCSI  HDD 
standard 

Limited  warranty:  up  to  3 
years  on-site3 

From  $1,639*4 

(Other  configurations  as  low  as  $1,229  ) 

IBM  Financing  Advantage 

Only  $45  per  month5 


IBM  TotalStorage® 


Help  maximize  performance 
and  improve  availability  in  a 
rack  dense  environment  with 
Xtended  Design  Architecture:" 
includes  features  like  Calibrated 
Vectored  Cooling,  an  IBM  inno¬ 
vation  that  helps  to  cool  your 
system  and  improve  uptime. 

System  features 

Up  to  two  Intel  Xeon 
Processors  3GHz/2MB 
Two-way  2U  rack  server 
Up  to  2GB  DDR2  memory 
using  8  DIMM  slots  with 
enhanced  memory 
Limited  warranty:  up  to  3 
years  on-site3 

From  $3,999*4 

(Other  configurations  as  low  as  $2,2195) 

IBM  Financing  Advantage 

Only  $109  per  month5 


With  the  power  of  3rd  generation 
Enterprise  X-Architecture',“  it  sets  £0 
a  new  standard  for  4-socket, 

64-bit  servers.  Delivers  increased 
performance,  systems  manage¬ 
ability,  and  simultaneous  support 
for  32  and  64-bit  apps. 

System  features 

Up  to  four  64-bit  Intel  Xeon 
Processors  MP  3.66GHz 


Calibrated  Vectored  Cooling 
Limited  warranty:  up  to  3  years 
on-site3 

From  $1 3,779 *4 

(Other  configurations  as  low  as  $6,999  ) 


IBM  Financing  Advantage 

Only  $379  per  month5 


64GB  DDR  memory 
4GB  memory  expandable 
to  64GB 

Six  64-bit  Active  PCI-X  2.0 
IBM  Director 


Designed  to  support  the  Intel 
Xeon  Processor  and  packed 
with  high-availability  features, 
the  eServer  BladeCenter 
HS20  with  an  industry-leading 
modular  design  delivers  density 
without  sacrificing  processor 
performance. 

System  features 

Up  to  two  Intel  Xeon 

Processors  3.20GHz/2MB 

Up  to  14  blades  per  chassis 
Supports  both  32 

and  64-bit  applications 
IBM  Director 

Limited  warranty:  up  to  3  years 
on-site3 

From  $2,979 *4 

(Other  configurations  as  low  as  $1,839') 

IBM  Financing  Advantage 

Only  $82  per  month1 


Simplify  storage  management  to  help  improve  productivity 

IBM  TotalStorage  DS300  Express  System  features 


Entry-level,  cost-effective  SCSI  storage  systems 
designed  to  deliver  advanced  functionality  at  a 
breakthrough  price.  Provides  an  exceptional 
solution  for  work  group  storage  applications, 
such  as  e-mail,  file,  print,  database  and  Intel 
Xeon  Processor-based  servers. 


3U  rack-mount  entry  level  Starts  at  584GB  / 

Support  for  up  to  14  Scales  to  4.2TB 

Ultra320  SCSI  disk  drives  Limited  warranty:  1  year 

on-site3 

From  $5,355*  IBM  Financing  Advantage 

(Other  configurations  as  low  as  $2,995)  Only  $147  per  month 


*AII  prices  are  IBM's  estimated  retail  selling  prices  that  were  correct  as  of  June  3, 2005.  Prices  may  vary  according  to  configuration.  Resellers  set  their  own  prices,  so  reseller  prices  to  end  users  may  vary.  Product 
are  subject  to  availability.  This  document  was  developed  for  offerings  in  the  United  States.  IBM  may  not  offer  the  products,  features,  or  services  discussed  in  this  document  in  other  countries.  1.  IBM  Director 
not  available  on  TotalStorage  products.  2.  IBM  Director  must  be  installed.  Products  included  in  IBM  Express  Servers  and  Storage  may  also  be  purchased  separately.  3.  Telephone  support  may  be  subject 
additional  charges.  For  on-site  labor,  IBM  will  attempt  to  diagnose  and  resolve  the  problem  remotely  before  sending  a  technician.  4.  Prices  subject  to  change  without  notice.  Price  may  not  include  a  hard  drive 
operating  system  or  other  features.  Contact  your  IBM  representative  or  IBM  Business  Partner  for  the  most  current  pricing  in  your  geography.  5.  IBM  Global  Financing  terms  and  conditions  and  other  restriction: 


TO  THEM  AFTER. 


With  IBM®  Express  Servers  and  Storage™  offerings 
designed  for  mid-sized  businesses,  help  is  here. 

You’ve  already  got  a  zillion  things  that  require  your 
attention -you  shouldn’t  have  to  worry  about  your  systems. 
That’s  why  IBM  Express  products  offer  reliability  features, 
which  help  them  do  their  job  so  you  can  focus  on  yours. 

Take  IBM  Director,  which  comes  standard.1  It  can  pro¬ 
actively  notify  you  of  a  potential  problem -up  to  48  hours 
in  advance.  Or  our  Calibrated  Vectored  Cooling  feature 
available  on  select  xSeries  systems.  It  can  cool  your 
system  more  efficiently.  This  means  more  features  can  be 
packed  into  a  smaller  server -for  more  functionality  and 
greater  flexibility. 

It’s  just  an  example  of  our  self-managing  features  that  help 
you  take  back  control  of  your  IT.  Which  can  help  lower 
your  maintenance  costs,  too.  Because  with  IBM  Express 
Servers  and  Storage,  innovation  comes  standard.  It’s 
not  optional.  Plain  and  simple,  it’s  built  in 2 

There’s  also  one  more  great  feature-your  IBM  Business 
Partner.  Which  means  you  can  have  a  one-to-one  chat 
with  someone  who  understands  your  industry  and  your 
business-and  who’s  located  in  your  neck  of  the  woods. 
And  for  mid-sized  businesses,  that’s  really  big  help  in  a 
really  big  way. 


S  THE  WORLD’S  HELP  DESK 


Lea.rn  more  ciboat'  oar  -fall 


range  of  X&m  Express 


prod  act*?  a,n<A  fencing 


options.  And  -find  W\e  XB-aa 

Business  Partner  near  you. 

who  cgr\  help  you,  choose  tine 


r\ 


lyTiti  syste 


m  to  meet 


y oar 


r 


erpurements. 


ibm.com/eserver/helpisherel 

1-800-1 BM-7777 

mention  104CE01A 


SIZE  OF  BUSINESS 


Q 


Q\ 


HELP  FOR  ANY  SIZE  PROBLEM 


IBM  TotalStorage  DS400  Express 


System  features 


With  advanced  functionality,  the  DS400  provides 
an  exceptional  solution  for  work  group  storage 
applications.  It  supports  Intel  Xeon  Processor- 
based  servers  and  offers  Fibre  Channel  drives 
designed  for  high  performance,  and  hot-swap 
Ultra320  SCSI  drives  designed  for  high  reliability. 


2GB  Fibre  Channel  storage  Starts  at  584GB  /  Scales  to  12TB 

systems  area  network  (SAN)  Limited  warranty:  1  year  on-site3 

3U  rack-mount  entry  level 


From  $8,495*  IBiVi  Financing  Advantage 

(Other  configurations  as  low  as  $4,995)  Only  $234  per  month 


may  apply.  Monthly  paymen!  provided  is  for  planning  purposes  only  and  may  vary  based  on  customer  credit  and  other  factors.  Rates  and  offerings  are  subject  to  changes,  extension  or  withdrawal  without  notice.  IBM. 
eServer,  BladeCenter,  xSeries.  TotalStorage.  IBM  Express  Servers  and  Storage,  Enterprise  X-Architecture  and  Xtended  Design  Architecture  are  trademarks  or  registered  trademarks  of  International  Business  Machines 
Corporation  in  the  United  States  and/or  other  countries.  Intel,  Intel  Inside,  the  Intel  Inside  logo,  and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States 
and  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©  2005  IBM  Corporation.  All  rights  reserved. 


Bennett Gaifes  CIO  of  Cinergy 
Corp.,  foundthat  a  small,  well- 
defined  relationship  with  an 
outsourcer  Was  so  useful  that 
he  expanded  the  arrangement 
to  the  entire  enterprise. 


i 


Reader  ROI 

::  Why  transactional 
relationships  are  the 
most  successful  type 
of  outsourcing 

::  Howto  determine 
which  processes  can 
be  outsourced 

::  What  to  watch  out 
for  in  outsourcing 
relationships 


50 


OCTOBER  1,  2005  |  www.cio.com 


PHOTO  BY  STEPHEN  WEBSTER 


Cover  Story 


S 

IM 

PLE 

Successful 

Outsourcing 


CIOs  who  outsource 
discrete  processes  that 
have  well-defined 
business  rules  are 
almost  always  happy 
with  the  outcome 


BY  STEPHANIE  OVERBY 


You’ve  heard  the  tales  of  outsourcing  gloom 
and  doom  and  read  about  the  staggering  per¬ 
centages  of  outsourcing  failure.  Now  consider 
these  three  CIOs’  experiences: 

■  Five  years  ago,  a  business  unit  at  energy  giant  Cinergy  Corp. 
outsourced  database  administration  services,  with  no  plan  to  extend 
the  contract  to  any  other  part  of  the  business.  But  when  Cinergy  cen¬ 
tralized  IT  two  years  later,  CIO  Bennett  Gaines  called  on  the  outsourcer 
to  provide  database  administration  services  enterprisewide.  Since 
then,  the  outsourcer  has  proved  instrumental  in  a  major  technology 
shift— from  data  marts  to  an  enterprise  data  warehouse. 

■  Four  years  ago,  Summit 
Information  Systems,  a  software 
developer  for  credit  unions,  out¬ 
sourced  disaster  recovery  serv¬ 
ices  for  its  data  center,  located  in 
central  Florida.  In  2004,  as 
Florida  faced  the  worst  hurri¬ 
cane  season  in  its  history,  “[the 
outsourcing  vendor]  was  willing  to  do  whatever  it  took  to  keep  our  sys¬ 
tems  up  and  running,”  says  Steve  Steinbach,  Summit’s  vice  president 
of  data  center  operations. 

■  Three  years  ago,  JM  Family  Enterprises  outsourced  all  main¬ 
frame  hardware,  software  and  operations  because  mainframe  usage 

Continued  on  Page  54 


Part  1  of  a  three-part  series  about  out 
sourcing  strategies  and  success  mod¬ 
els,  defined  in  original  research  by  MIT’ 
Centerfor  Information  Systems 
Research  and  C/0. 


www.cio.com  |  OCTOBER  1,  2005 


51 


HOW  MANY  PEOPLE  DOES 
TO  SUPPORT  A  SINGLE 

(THAT’S  TOO  MANY. ) 


4 


0 

£ 

O 

CL 


With  IBM®  Express  Servers  and  Storage™  designed  for 
mid-sized  businesses,  help  is  here. 


Servers  should  support  a  business,  not  the  other  way  around. 
That’s  why  IBM  Express  Servers  have  self-managing  features:  so 
that  our  servers  can  virtually  run  themselves.  What’s  more,  with 
IBM  Express  Servers  and  Storage,  innovation  comes  standard. 
Take  the  OpenPower™  710  Express,  for  instance.  It’s  specially 
tuned  for  Linux®  and  offers  the  reliability  of  POWER5™  technology 
at  a  surprisingly  low  price.1 


System  features 


Increase  computing  power,  availability  and  scalability 
in  a  rack  dense  environment 


Tuned  for  Linux 

IBM  eServer  OpenPower  710  Express 


And  while  you  can’t  be  in  two  places  at  the  same  time,  you  might 
want  to  look  into  the  innovative  server  feature  that  can.  For  example,  q_ 
the  remarkable  Advanced  POWER™  Virtualization  option  -  it  lets  o 
one  OpenPower  710  Express  act  as  many  virtual  ones. 

0 

On  top  of  that  there’s  IBM  TotalStorage  products,  which  offer  a  wide 
range  of  disk,  tape,  and  storage  software  solutions  -  so  you  can 
choose  the  right  options  to  meet  the  growing  needs  of  your  company. 


Ideal  for  consolidation  of  infrastructure  workloads 
(Web  serving,  file,  print,  security  applications) 

Robust  64-bit  mainframe-inspired  POWER5  systems 

2-way  19"  rack  server 

Up  to  32GB  of  memory 

Optional  Advanced  POWER  Virtualization’ 

DB2®  Express  Discover  CD 


There’s  also  one  more  great  feature  -  your  IBM  Business  Partner. 
Which  means  you  can  talk  to  someone  who  understands  your  QO 
industry  and  your  business  -  and  who’s  located  in  your  neck  of  the 
woods.  And  for  mid-sized  businesses,  that’s  really  big  help  in  a 
really  big  way. 


Limited  warranty:  up  to  3  years  on-site2 

From  $4,477* 

IBM  Financing  Advantage 

Only  $124  per  month3 


*  All  prices  stated  are  IBM's  estimated  retail  selling  prices  that  were  correct  as  of  May  6,  2005.  Prices  may  vary  according  to  configuration.  Resellers  set  their  ow 
prices,  so  reseller  prices  to  end  users  may  vary.  Offers  are  for  business  customers  only  and  are  subject  to  availability.  This  document  was  developed  fc 
offerings  in  the  United  States.  IBM  may  not  offer  the  products,  features,  or  services  discussed  in  this  document  in  other  countries.  'The  Linux  operating  syster 
for  the  OpenPower  710  Express  must  be  purchased  separately.  Price  does  not  include  virtualization  option,  telephone  support  may  be  subject  to  addition? 
charges.  For  on-site  labor,  IBM  will  attempt  to  diagnose  and  resolve  the  problem  remotely  before  sending  a  technician.  3IBM  Global  Financing  terms  am 
conditions,  and  other  restrictions  may  apply.  Monthly  payments  provided  are  for  planning  purposes  only  and  may  vary  based  on  customer  credit  and  othe 
factors.  Rates  and  offerings  are  subject  to  change,  extension  or  withdrawal  without  notice.  4Customer  Replaceable  Unit  (CRU)  service  is  available  in  most  countrie; 


ibivr TotalStorage’ 


IT  TAKE 
SYSTEM? 


S  _ 

Simplify  storage  management  to  improve  productivity 


IBM  TotalStorage  3580  Express 


IBM  TotalStorage  DS4300  Express5 


The  3580  Express  helps 
address  your  growing  storage 
requirements  and  the 
problem  of  shrinking  backup 
windows.  It  supports  cost- 
effective  backup,  save  and 
restore,  and  data  archiving. 

System  features 

Built  on  Ultrium®  3  technology 

Read/write  compatible  with 
cartridges  written  by 
Ultrium  2  drives 

Read  compatible  with 
Ultrium  1  cartridges 

Up  to  400GB  cartridge  capacity. 
Up  to  800GB  with 
2  to  1  compression 

Limited  warranty:  3  years4 

From  $5,850* 

IBM  Financing  Advantage 

Only  $167  per  month3 


With  a  scalable  design,  the 
DS4300  Express  is  designed 
to  provide  a  reliable  and 
affordable  storage  option  to 
help  simplify  your  data 
management  needs. 

System  features 

2GB  Fibre  Channel  SAN-ready 

3U  rack  mount  entry  level 

Scales  to  33.6TB 

Supports  up  to  112  Fibre  Channel 
disk  drives  -  with  optional 
EXP710  expansion  units6 

Heterogeneous  OS  support 

Limited  warranty:  3  years  on-site2 

From  $8,655* 

IBM  Financing  Advantage 

Only  $238  per  month5 


S  THE  WORLD’S  HELP  DESK 


L earn  more  about-  our 
■full  range  of  TTB-m  Express 

product .  And  find  the 

X&m  Business  Partner 
near  ysu  -  who  is  ;TB>m 

trained  tv  Knew  which 
systems  meet-  your  Specific 

requirements, 

ibm.com/eserver/helpishere2 

1-800-1 BM-7777 

mention  104CE02A 


HELP  FOR  ANY  SIZE  PROBLEM 


General  product  availability  of  IBM  TotalStorage  DS4300  Express  is  expected  to  be  6/17/05.  6EXP710  expansion  unit  is  not  included  in  the  price  MB,  GB 
ind  TB  equal  1,000.000, 1,000,000,000  and  1,000,000,000.000  bytes,  respectively,  where  referring  to  storage  capacity.  Actual  storage  capacity  will  vary  based 
ipon  many  factors  and  may  be  less  than  stated.  Some  numbers  for  storage  capacity  are  given  in  native  mode  followed  by  capacity  using  data  compression 
echnology.  IBM,  eServer,  POWER5,  OpenPower,  IBM  Express  Servers  and  Storage,  DB2,  POWER  and  IBM  TotalStorage  are  trademarks  or  registered  trademarks 
>f  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  Linux  is  a  registered  trademark  of  Linus  Torvalds  in  the  United  States 
ind  other  countries.  Linear  Tape-Open,  LTO,  and  Ultrium  are  trademarks  of  Certance,  HP  and  IBM  in  the  U.S.  and  other  countries.  Other  company,  product,  and 
ervice  names  may  be  trademarks  or  service  marks  of  others.  ©2005  IBM  Corporation.  All  rights  reserved. 


Cover  Story  Outsourcing 


Continued  from  Page  51 

at  the  $8.2  billion  automotive  holding  company  had  leveled  off.  The 
outsourcing  vendor  immediately  optimized  operations  so  that 
critical  month-end  financial  reports  landed  on  the  desks  of  JM 
Family  executives  first  thing  in  the  morning  rather  than  late  in  the 
afternoon,  as  was  the  norm.  “It  was  the  same  hardware.  The  same 
data.  But  they  were  able  to  gain  efficiencies  because  they  knew 
how  to  run  a  mainframe  better  than  we  were  ever  able  to,”  says 
Senior  VP  and  CIO  Ken  Yerves. 

What’s  this?  IT  executives  who  are 
satisfied  with  their  outsourcing 
arrangements— even  praising  their 
vendors?  This  might  seem  strange, 
as  mass  indictments  of  outsourcing 
have  led  to  misperceptions.  In  fact, 
some  slices  of  outsourcing  are  almost 
always  successful. 

Cinergy,  Summit  and  JM  Family 
achieved  success  by  outsourcing 
well-defined  processes  that  had 
clear  business  rules.  Jeanne  W.  Ross, 
principal  research  scientist  at  MIT’s 
Center  for  Information  Systems 
Research  (CISR),  calls  such  out¬ 
sourcing  arrangements  “transaction 
relationships.”  These  are  the  most 
straightforward  of  outsourcing  deals. 

The  work  is  relatively  easily  defined, 
and  the  CIO  wants  to  farm  it  out  for 
clear  reasons:  to  gain  access  to  spe¬ 
cific  technology  expertise,  to  deal 
with  variable  demand  for  certain  IT 
services,  or  to  free  up  internal  staff 
for  higher-value  work.  And  in  these 
relationships,  vendor  and  customer 
needs  are  usually  aligned;  what  the 
two  parties  want  coincides  more 
often  than  not. 

In  a  recent  study  by  CISR  and  CIO 
magazine  of  90  outsourcing  deals  at 
84  companies,  CIOs  showed  much 
greater  satisfaction  with  transaction 
relationships  than  with  any  other 
type  of  outsourcing.  (See  “Sustainable 
Value  from  Outsourcing,”  this  page, 
for  a  summary  of  the  research  Find¬ 
ings  and  the  three  types  of  outsourc¬ 
ing  arrangements  identified.)  Nine 
out  of  10  IT  executives  in  the  study 
reported  success  with  their  transac¬ 
tion  outsourcing.  And  CIOs  who 
develop  satisfactory  transaction  rela¬ 
tionships  can  reap  more  rewards  than 

54  OCTOBER  1,  2005  |  www.cio.com 


simply  saving  money  or  freeing  up  staff.  “Companies  excelling  at 
transaction  relationships  achieve  agility  because  managers  focus  on 
processes  that  distinguish  the  company,  rather  than  the  silly  things 
they  must  get  right  but  don’t  want  to  bother  with,”  Ross  says. 

That’s  not  to  say  all  these  stories  have  happy  endings.  After  all, 
there  is  the  10  percent  that  doesn’t  work  out.  And  even  success¬ 
ful  transaction  relationships  can  create  significant  problems  if 
you’re  not  careful,  such  as  application  silos  and  poorly  struc- 


Sustainable  Value 
from  Outsourcing 

BY  JEANNE  W.  ROSS  AND  CYNTHIA  M.  BEATH 

IT  executives  entering  into  IT  and  business  process  outsourcing  arrangements  seek  a 
variety  of  benefits,  including  cost  reductions,  variable  capacity  and  reduced  manage¬ 
ment  time  spent  on  IT.  But  outsourcing  succeeds  only  if  both  the  vendor  and  the  client 
achieve  expected  benefits.  Often  client  and  vendor  interests  are  not  aligned.  How  can 
clients  and  vendors  settle  into  a  “sweet  spot”  where  their  interests  coincide?  New 
research  from  the  Massachusetts  Institute  of  Technology’s  Center  for  Information  Sys¬ 
tems  Research  (CISR)  and  CIO  examined  90  outsourcing  deals  in  84  companies  to  help 
executives  recognize  opportunities  for  long-term  benefits  from  outsourcing  relation¬ 
ships. 

We  found  that  the  outsourcing  sweet  spot  depends  on  the  nature  of  the  client-vendor 
relationship.  We  distinguish  among  three  types  of  outsourcing  relationships:  1.  a  trans¬ 
action  relationship,  in  which  an  outsourcer  executes  a  well-defined,  repeatable  process 
for  a  client;  2.  a  co-sourcing  alliance,  in  which  client  and  vendor  share  management 
responsibility  for  a  project’s  success;  and  3.  a  strategic  partnership,  in  which  an  out¬ 
sourcer  takes  on  responsibilities  for  a  bundle  of  its  client’s  operational  services. 

This  article  focuses  on  transaction  relationships,  describing  the  kinds  of  services 
outsourced,  the  metrics  that  enable  executives  to  assess  the  success  of  the  outsourcing 
arrangement,  and  the  risks  to  both  client  and  vendor.  In  Parts  2  and  3  of  this  series,  we 
will  address  co-sourcing  alliances  and  strategic  partnerships. 

HOW  TO  MAKE  TRANSACTION  RELATIONSHIPS  WORK 

Transaction  relationships  are  appropriate  for  activities  guided  by  clear  business  rules 
that  are  common  across  many  organizations.  These  activities  include  commodity 
services— necessary  but  nondistinctive  services— such  as  accounts  payable  process¬ 
ing,  expense  reporting,  desktop  provisioning,  backup  and  disaster  recovery,  and  main¬ 
frame  processing,  as  well  as  more  specialized,  repeatable  processes  such  as  credit 
checks,  online  gift  registry  services  or  unique  technology  services. 

Our  study  found  statistically  significantly  greater  satisfaction  with  transaction  relation¬ 
ships  than  with  either  of  the  other  types  of  relationship  and  90  percent  success  rates  for 
both  clients  and  vendors.  We  attribute  that  satisfaction  to  a  large  overlap  between  what 
clients  want  from  their  vendors  and  what  vendors  are  able  to  deliver. 

Clients  have  three  key  objectives  in  their  transaction  relationships:  access  to  best 
practices,  variable  capacity  and  the  ability  to  redirect  Continued  on  next  page  » 


CITRIX 


Citrix  NetScaler 

makes  any  application 

run  up  to 

15  times  faster 

for  anyone,  anywhere. 


Every  day,  leading  Global  2000  enterprises, 
including  the  five  largest  e-businesses  in 
the  world,  rely  on  Citrix19  NetScaler9*  solutions 
to  dramatically  accelerate  application 
performance.  All  without  adding  servers, 
bandwidth,  or  consultants.  Perhaps  that’s 
why  Citrix  NetScaler  application  delivery 
systems  are  rated  #1  in  customer  satisfac¬ 
tion  among  Layer  4-7  networking  vendors. 
See  what  Citrix  NetScaler  can  do  for  you 
at  www.citrix.com/netscaler 


dTRIX 


©  2005  Citrix  Systems,  Inc.  All  rights  reserved.  Citrix  and  NetScaler  are  trademarks  of  Citrix  Systems, 
Inc.,  and/or  one  or  more  of  its  subsidiaries,  and  may  be  registered  in  the  U.S.  and  in  other  countries. 


Cover  Story  Outsourcing 


«  Continued  from  previous  page 

management  attention  to  core  competencies.  Vendors  address  those  needs  by  devel¬ 
oping  best  practices,  solid,  scalable  technical  platforms  and  other  valuable  assets 
that  allow  them  to  improve  service  and  lower  costs.  For  example,  eFunds  has  built  a 
large  database  of  debit  information  that  is  the  key  to  its  credit-checking  process.  This 
distinctive  asset— which  clients  either  cannot  or  would  not  replicate— helps  to  protect 
the  vendor’s  margins. 

Successful  transaction  relationships  have  low  management  overhead.  Customiza¬ 
tion,  protracted  contract  negotiations  or  client  interference  with  how  the  vendor  per¬ 
forms  the  process  will  increase  costs  and  undermine  benefits  for  both  parties.  But  a 
hands-off  transaction  relationship  can  deliver  hassle-free,  high-quality  services  to 
clients  and  reasonable  margins  to  vendors. 

UNDERSTANDING  THE  THREE  TYPES  OF  OUTSOURCING 

The  three  types  of  outsourcing  relationships  are  so  different  that  learning  gained  in  one 
type  of  relationship  does  not  transfer  to  another.  We  believe  companies  can  become 
competent  in  all  three  types  of  relationships.  But  it  is  important  to  match  specific  out¬ 
sourcing  needs  with  the  appropriate  type  of  relationship. 

Clients  managing  transaction  relationships  as  strategic  partnerships  incur  expen¬ 
sive  and  unnecessary  overhead.  Co-sourcing  that  isn’t  treated  like  a  team  environment 
is  sure  to  suboptimize  outcomes.  And  clients  and  vendors  in  strategic  partnerships 
who  refuse  to  regularly  renegotiate  and  adapt  to  the  changing  needs  of  their  partner 
will  become  embroiled  in  bitter  contract  battles. 

IT  executives  need  to  understand  the  risks  of  each  relationship.  Risks  increase  as 
the  boundaries  between  client  and  vendor  responsibilities  blur  and  the  scope  of 
responsibilities  expands.  Even  transaction  relationships  bear  significant  risks.  We 
found  that  companies  emphasizing  transaction  relationships  had  statistically  signifi¬ 
cantly  less  mature  enterprise  architectures.  Low  architecture  maturity  means  that  a 
company  has  unnecessary  variability  in  technical  platforms,  redundant  systems  and 
limited  access  to  shared  data.  Companies  with  mature  architectures  can  utilize  out¬ 
sourced  transactions  on  a  plug-and-play  basis,  but  companies  with  low  architecture 
maturity  might  simply  reinforce  application  silos.  In  the  shortterm,  this  could  help  a 
company  clean  up  isolated  processes,  but  overtime  it  inhibits  the  organization's  ability 
to  respond  to  changing  market  conditions. 

CIOs  should  encourage  a  gradual  approach  to  transaction  outsourcing  as  their 
architecture  matures  and  they  develop  standardized,  low-maintenance  electronic 
interfaces.  In  all  outsourcing,  both  client  and  vendor  should  target  the  sweet  spot  to 
maximize  benefits  to  both  parties. 


Jeanne  Ross  is  principal  research  scientist  at  the  Massachusetts  Institute  of  Technol¬ 
ogy's  Center  for  Information  Systems  Research.  Cynthia  Beath  is  a  professor  emerita 
in  the  Department  of  Management  Science  and  Information  Systems  at  the  University 
of  Texas  at  Austin. 


tured  enterprise  architectures.  But 
CIOs  who  engage  in  well-defined 
and  well-managed  transaction  rela¬ 
tionships  with  outsourcers  will,  in 
all  probability,  gain  the  sustainable 
value  they’re  seeking. 

How  to  Decide 
What  Goes 

Choosing  which  work  to  outsource 
and  which  vendor  to  send  it  to  are  the 
first  decisions  any  CIO  makes  in  a 
transaction  relationship.  But  these 
first  steps  can  be  the  most  critical.  The 
key  to  success  with  this  kind  of  out¬ 
sourcing,  says  Ross,  is  making  sure 
that  what  you  send  to  the  vendor  is 
something  “extractable”— that  is,  eas¬ 
ily  definable,  removable  or  consid¬ 
ered  noncore.  Tasks  such  as  desktop 
provisioning,  business  continuity 
and  mainframe  processes  tend  to  fall 
into  this  category. 

In  some  cases,  the  categorization 
of  a  slice  of  IT  work  as  extractable  is 
straightforward.  Guy  de  Poerck,  CIO 
of  the  International  Finance  Corp. 

(IFC),  an  arm  of  the  World  Bank,  has 
been  outsourcing  help  desk  services 
to  Affiliated  Computer  Services 
(ACS)  for  six  years  and  hasn’t  had  to 
give  it  a  second  thought.  “With  help 
desk,  the  transaction  is  pretty  sim¬ 
ple,”  says  de  Poerck.  “I  know  it’s  suc¬ 
cessful  because  I  hear  so  little  about 
it.  I’ve  never  been  confronted  with 
a  problem.” 

But  what  is  easily  definable,  remov¬ 
able  or  considered  noncore  can  vary 
by  company.  JM  Family  has  a  well- 
defined  annual  process  for  categoriz-  :  ■ 
ing  its  technology.  The  process  helps  it 
to  prioritize  IT  spending  and  decide  H 
what  should  be  done  in-house  versus  ■ 
what  might  be  a  candidate  for  out¬ 
sourcing.  Every  August,  CIO  Yerves  divides  all  technology  into  four 
categories:  emerging,  mainstream,  contained  and  retirement.  Emerg¬ 
ing  and  mainstream  technologies  are  where  the  IT  department 
focuses  its  budget,  training  and  staff.  Contained  technologies  are 
systems— often  legacy  systems— that  are  not  growing  in  usage  but 
that  must  be  kept  up  and  running  and  are  therefore  candidates  for 
outsourcing  (although  internal  improvements  in  efficiency  might 


suffice  as  well).  And  retirement  systems  are,  well,  on  their  way  out. 

Going  through  this  process  in  August  2002,  Yerves  and  his  lead¬ 
ership  team  categorized  mainframe  operations  in  the  contained 
category  for  the  first  time.  One  of  the  company’s  three  business 
units  had  plans  to  wean  itself  from  the  mainframe.  The  others  con¬ 
tinued  to  employ  the  services  but  with  no  increase  in  usage.  In 
addition,  managing  mainframe  operations  was  a  fixed  cost  in  the  IT 


56 


OCTOBER  1,  2005  |  www.cio.com 


WE  MAKE  THE  COMPLEX  NATURE  OF  YOUR 
BUSINESS  LOOK  SOMETHING  LIKE  THIS. 


SecureSource 

Companies  set  high  standards  for  data  centers.  That's  why  there's  MFX  SecureSource.  We  deliver  the  capacity,  bandwidth 
and  up-to-the  minute  storage  technology  it  takes  to  keep  your  data  in  line.  And  then  we  back  it  up  with  the  people 
who  can  back  you  up.  Sounds  ducky,  right?  So  call  us. 

1.866.639.6399  or  visit  www.mfxfairfax.com 


MFX0 

Moving  at  the  speed  of  opportunity. 


Cover  Story  Outsourcing 


It  was  the 
same  hardware. 
The  same 
data.  But  the 
outsourcer  was 
able  to  gain 
efficiencies 
because they 
knew  how 


mainframe 
better  than 
we  were  ever 
a 


■Ken  Yerves,  senior  VP  and 
CIO,  JM  Family  Enterprises 


budget,  even  though  the  company’s  usage  was  variable. 

So  Yerves  began  to  examine  potential  outsourcing  vendors  in 
early  2003,  narrowing  the  field  to  two  contenders  by  April.  He 
put  together  a  valuation  matrix  that  explored  what  the  vendors 
could  offer  in  variable  capacity  and  cost.  Variability  was  impor¬ 
tant  because  of  the  peaks  and  valleys  in  the  business’s  main¬ 
frame  processing  needs.  Ultimately  Yerves  went  with  IBM. 

But  settling  on  the  right  outsourcer  wasn’t  the  trickiest  part  for 
JM  Family.  As  evidenced  in  the  CISR -CIO  study,  protracted  con¬ 
tract  negotiations  can  ruin  a  transaction  outsourcing  arrangement. 
“The  concept  of  a  transaction  relationship  is,  in  some  respects,  an 


oxymoron.  Ideally,  there  is  only  barely  a  rela¬ 
tionship-much  like  we’d  have  at  the  grocery 
store  with  the  sales  clerk.  I  find  what  I  want, 
the  clerk  rings  it  up,  I  pay,”  Ross  says.  “If  client 
and  vendor  engage  in  protracted  negotiations 
about  unique  features  or  special  pricing 
arrangements,  they  no  longer  have  a  simple 
transaction.” 

And  Yerves  had  heard  horror  stories  from 
peers  and  analysts  about  disputes  over  out¬ 
sourcing  contracts.  So  he  sought  to  circum¬ 
vent  contractual  conflicts  by  streamlining  the 
process.  Yerves  gathered  leaders  and  lawyers 
from  both  the  vendor  and  JM  Family  and 
sequestered  them  in  a  local  hotel.  “We  gave 
them  72  hours  and  said  if  we  can’t  get  to  an 
agreement  by  then,  we  don’t  have  a  deal,”  he 
says.  And  it  worked.  Before  the  clock  ran  out, 
JM  Family  and  IBM  had  inked  a  deal.  “We 
were  able  to  mitigate  that  early  risk”  of  long  or 
contentious  negotiations,  he  says. 

In  fact,  a  mark  of  good  transaction  rela¬ 
tionships  is  that  contract  negotiations  are 
straightforward.  The  services  to  be  out¬ 
sourced  are  extractable,  and  companies  and 
vendors  have  similar  goals  for  the  arrange¬ 
ment:  Make  it  fast,  easy  and  cheap.  “It’s  a  lot 
easier  to  get  to  success  with  transactional- 
type  outsourcing  [than  with  other  types]  if 
the  customers  have  well-defined  require¬ 
ments,”  says  Mary  Lacity,  professor  of  infor¬ 
mation  systems  at  the  University  of  Missouri. 
“If  the  customers  know  exactly  what  they 
want,  they  can  tell  the  vendor,  and  the  vendor 
can  price  [the  contract]  correctly.  The  expec¬ 
tations  [for  the  outsourcing  arrangement] 
can  then  be  well  defined  in  the  contract.” 

Learn  to  Let  Go 

When  it  comes  to  transaction  relationships, 
management  is  best  when  it  manages  least. 
Client  interference  with  how  the  vendor  performs  the  process  will 
increase  costs  and  undermine  benefits  for  both  parties,  according 
to  the  CISR -CIO  study.  But  letting  go  of  the  day-to-day  management 
can  be  difficult  for  CIOs. 

Summit’s  Steinbach  is  ultimately  responsible  for  the  Florida 
data  center  that  supports  125  of  the  company’s  300  customers.  It 
houses  1.2  million  bank  accounts  and  processes  a  million  transac¬ 
tions  a  day.  If  the  data  center  goes  down,  Steinbach  goes  down.  In 
2001,  Steinbach  decided  it  would  be  easier  and  cheaper  to  out¬ 
source  disaster  recovery  services.  But  that  left  him  dependent  on  an 
outside  organization  to  keep  things  running  come  hell  or  high 


58  OCTOBER  1,  2005  |  www.cio.com 


PHOTO  BY  JEFFERY  SALTER 


— 


r 


X 


AT&T 

and 

VOIP 


Can  your 
network  say 
it’s  taken 
the  plunge? 


NAVIGATE  THE  FUTURE.  When  we  wanted  a  deeper  understanding  of  how  VoIP  can  help 
transform  businesses,  we  volunteered  ourselves.  Our  own  VoIP  implementation  led  us 
to  discover  a  whole  new  way  of  doing  business  —  a  more  efficient  and  flexible  one. 
The  impact — a  12.5%  increase  in  productivity  and  savings  of  $180  million  annually. 
As  our  productivity  grew,  we  continued  to  expand  VoIP,  which  is  now  used  by  20,000 
AT&T  employees  and  growing.  When  it  comes  to  VoIP,  we  at  AT&T  didn’t  just  get  our 
feet  wet,  we  dove  in.  We  can  help  you  do  the  same.  CAN  YOUR  NETWORK  DO  THIS? 


— 


AT&T 

The  world's  networking  company* 


To  find  out  how  AT&T’s  VoIP  experience  can  benefit  your  business,  go  to: 

att.com/transform 


02006  AT&T 


Cover  Story  Outsourcing 


water  (or  high  winds).  He  was  confident  in  his  selection  of  Hewlett- 
Packard  to  do  the  work.  But  still,  “my  biggest  concern  was  a  lack  of 
control,”  he  says.  “If  you’re  doing  it  yourself,  it  seems  like  you  have 
more  control  over  it,  and  you  feel  much  more  comfortable  about  it.” 

So  when  the  transfer  to  HP  took  place  during  the  summer  of 
2002  (a  quiet  hurricane  season  in  the  Atlantic),  Steinbach  eased 
his  mind  through  testing.  He  purchased  two  extra  days  of  testing 
beyond  the  six  days  included  in  the  deal,  and  after  each  test  he 
attended  the  postmortem,  during  which  HP  figured  out  how  to 
further  streamline  the  backup  and  disaster  recovery  processes.  It 
was  a  learning  experience  for  client  and  vendor  alike.  With  each 
test,  HP  performed  better.  And  after  each  test,  Steinbach  loos¬ 
ened  his  reins  a  bit  more.  “I  felt  it  was  important  to  take  that  extra 
time  the  first  year  to  make  sure  we  knew  what  we  were  doing,”  he 
says.  “I  became  more  familiar  with  how  their  facilities  were  laid 
out  and  with  their  staff.  And  they  became  more  familiar  with  us 
and  our  business.” 

But  2004— dubbed  “hurricane  summer”  down  south— was  a 
test  of  a  different  sort.  Steinbach  declared  three  emergencies  at 
the  data  center  that  year,  but  by  that  time  he  was  comfortable  with 
standing  back  and  letting  HP  handle  it.  The  vendor  provided  mon¬ 


itoring  and  remained  on  standby  throughout  Hurricane  Frances, 
a  Category  4  storm  that  made  landfall  close  to  Summit’s  data  cen¬ 
ter.  HP  even  agreed  to  leave  its  backup  systems  on  for  the  remain¬ 
ing  months  of  hurricane  season  in  case  more  storms  hit,  without 
charging  Summit  more.  That  solution  “saved  both  parties  a  lot  of 
time  and  effort  and  turned  out  to  be  a  great  plan,”  Steinbach  says. 

Steinbach  funneled  his  energy  into  streamlining  processes  on 
the  Summit  end,  such  as  learning  that  he  needed  to  declare  an 
emergency  to  HP  sooner  in  the  process  rather  than  waiting  and 
hoping  a  storm  might  take  a  different  path.  Today,  he  says,  he 
spends  very  little  time  on  the  relationship  with  HP.  And  the  more 
he’s  stepped  back,  the  more  they’ve  stepped  up.  When  the  hurri¬ 
canes  started  up  again  early  this  summer,  the  vendor  was  calling 
him  rather  than  the  other  way  around.  “They’re  totally  in  tune 
with  us  and  what  we  need  now,”  Steinbach  says. 

But  while  transaction  relationships  tend  to  be  hands-off  from  a 
day-to-day  management  perspective,  it  can  be  valuable  to  revisit 
these  relationships  to  see  what  can  be  improved.  And  because  client 
and  vendor  needs  and  expectations  are  often  in  alignment,  out¬ 
sourcers  are  often  amenable  to  making  the  arrangement  more  effec¬ 
tive  because  what  they  learn  may  help  them  serve  their  entire  client 

base  better.  Steinbach,  for  example, 
has  made  changes  to  his  contract  with 
HP  four  times,  adding  equipment  to 
their  backup  site  or  addressing  meth¬ 
ods  of  improvement.  “They’ve  been 
very  flexible  with  us,”  he  says.  “And 
we  weren’t  expecting  that.” 

The  suggestions  for  improvements 
can  sometimes  come  from  the  ven¬ 
dors  themselves.  Of  course,  the  out¬ 
sourcer  has  its  own  motives,  such  as 
cost  efficiencies,  for  making  such 
advances,  but  given  the  nature  of 
transaction  relationships,  these  can 
work  out  well  for  the  customer  too. 
For  example,  under  its  original  con¬ 
tract  with  International  Finance 
Corp.,  ACS  had  been  providing  onsite 
help  desk  service  during  work  hours 
in  IFC’s  Washington,  D.C.,  office.  At 
night,  a  single  ACS  employee  took  a 
pager  home  to  handle  off-hours  prob¬ 
lems.  It  worked  out  OK,  and  there 
were  no  major  complaints.  “But 
frankly,”  says  de  Poerck,  “the  service 
was  dependent  on  the  ability  and 
commitment  of  that  one  person.” 

Nine  months  ago,  ACS  approached 
de  Poerck  with  a  proposal:  ACS  could 
now  offer  24/7  help  desk  support  to 
IFC  for  the  same  price.  The  reason? 
ACS  was  now  able  to  transfer  off- 


Find  the  Sweet  Spot 


90%  of  transaction  relationships  succeed  because  CIOs’  goals  and 
vendors’  capabilities  match  up  well 

Transaction  Outsourcing:  Objectives 


What  clients  want 

■  Best  practices 

■  Variable  capacity 

■  Management  focus 
on  core  competencies 


£ 


The  Sweet  Spot 
(a  successful  outcome) 

■  Low-maintenance 
relationship 

■  Reasonable  margins 

■  Innovation  to  ensure 
process  improvements 


What  vendors  offer 

■  Standardized,  best- 
practice  process 
components 

■  Economies  of  scale 
Distinctive  assets 


Transaction  Outsourcing:  Parameters,  Benefits  and  Risks 


WHAT  IS 
OUTSOURCED? 


Clearly  defined, 

repeatable 

processes 


KEY 

METRICS 


Quality  and/or 
cost  per 
transaction 


CLIENT 


Desired  service 
might  not  be 
available 


VENDOR 
S 


I  ■  NHfl 

Competition  can 
erode  margins 


CLIENT/VENDOR 

SUCCESS 


90%  for  each 
side  (as  judged 
by  outsourcing 
clients) 


SOURCE:  Survey  and  interviews  conducted  by  Jeanne  Ross  and  Cynthia  Beath 


60  OCTOBER  1,  2005  |  www.cio.com 


Introducing 

the  first  MFP  to  guarantee 
80  smiles  per  minute. 


Here's  reliability,  security,  and  speed  you'll  really  appreciate. 

From  printing,  copying  and  scanning  to  advanced  finishing  Industry  Analysts  Inc.  Our  200-sheet  dual  scan  technology 
and  paper  handling,  the  KM-8030  optimizes  productivity  reduces  your  input  time  accurately  and  consistently 
and  simplifies  your  work  life.  So  much,  it's  no  surprise  that  -  33%  more  than  any  other  system  in  its  class!  In  addition, 
we've  received  numerous  MFP  technology  and  reliability  our  advanced  KYOcapture  technology  can  simply  capture, 
awards;  including  the  Most  Reliable  Copier/MFP  honor  from  process  and  route  your  documents  right  from  the  device. 

Learn  even  more.  Visit  our  web  site  today:  www.kyoceramita.com/newproducts 


People  Friendly* 


A  whole  new  reason  to  smile. 


The  New  Value  Frontier 

rg  KyocERa 


KYOCERA  MITA  CORPORATION  KYOCERA  MITA  AMERICA.  INC.,  a  group  company  of  Kyocera  Corporation 
€>2005  Kyocera  Mita  Corporation  and  Kyocera  Mita  America,  Inc.,  “People  Friendly”,  the  Kyocera  “smile"  and  the  Kyocera  logo  are  trademarks  of  Kyocera 


Cover  Story  Outsourcing 


hours  calls  to  its  Bangalore  office.  De  Poerck  had  significant  expe¬ 
rience  with  offshoring  application  development  and  maintenance 
to  another  outsourcer  in  Chennai,  and  was  game.  After  a  pilot,  he 
signed  up. 

De  Poerck  says  that  the  impetus  for  the  change  was  the  looming 
end  of  the  multiyear  ACS  contract,  which  the  World  Bank  requires 
IFC  to  put  up  again  for  bid  at  the  end  of  a  contract  period.  If  ACS 
could  offer  IFC  extended  help  desk  service  for  the  same  price,  per¬ 
haps  it  could  outbid  all  comers.  Regardless,  “now  that  we  have 
that  team  in  Bangalore,  there’s  a  level  of  performance  and  processes 
that  weren’t  in  place  before,”  de  Poerck  says.  “We’re  getting  a  lot 
better  service.” 

Clean  House  Before 
Outsourcing 

If  the  success  rates  and  benefits  of  transaction  relationships  have 
you  wondering  why  you  don’t  just  outsource  everything  that  you 
can  characterize  as  extractable,  beware.  There  is  a  potential  trip-up. 
Emphasizing  transaction  relationships  can  make  a  company  less 
innovative  with  its  IT  architecture.  In  the  short  term,  transaction 
outsourcing  can  help  a  company  clean  up  isolated  processes,  but 
in  the  long  term  these  deals  may  actually  reinforce  application 
silos  in  a  company,  according  to  the  CISR-C/O  research. 

This  potential  problem  makes  the  need  for  enterprise  architec¬ 
ture  planning  even  more  important  for  companies  engaging  in 
transaction  relationships,  Ross  says.  “We  think  of  a  transaction  as 
a  smallish  piece  of  IT  that  the  vendor  ought  to  be  able  to  provide 
value  on,”  she  says.  “But  that  can  be  dangerous.  Until  companies 


to  future  needs.  “We  had  an  opportunity  to  get  into  some  new 
emerging  technologies,  but  that  would  require  incorporating  an 
enterprisewide  data  warehouse,”  he  says.  Gaines  knew  he  did  not 
have  enough  internal  expertise  to  tackle  that  job. 

Gaines  began  to  look  at  outsourcers.  He  liked  that  DBA  Direct 
had  experience  with  his  company.  “The  database  work  they 
would  be  handling  was  complex,  and  they  were  already  manag¬ 
ing  a  highly  reliable  database  for  us,”  he  says.  So  he  hired  the  ven¬ 
dor  for  database  administration  enterprisewide.  DBA  Direct 
started  with  the  company’s  Oracle  databases.  And  as  Gaines  con¬ 
tinued  to  centralize  IT,  the  outsourcer  took  responsibility  for 
most  of  Cinergy ’s  databases. 

By  reexamining  the  outsourcing  relationship  with  DBA  Direct 
and  expanding  it  as  part  of  a  larger  enterprise  architecture  strat¬ 
egy,  Gaines  avoided  the  silos  that  transaction  outsourcing  some¬ 
times  produces.  The  vendor  has  also  proved  valuable  working 
directly  with  Cinergy’s  other  outsourcers,  with  whom  Cinergy 
cosources  much  development  and  maintenance  of  applications 
that  in  turn  rely  on  database  functioning  and  availability. 

But  most  impressive  to  Gaines  has  been  how  quickly  DBA 
Direct,  with  its  well-honed  database  experience  and  best  prac¬ 
tices,  has  been  able  to  move  Cinergy  from  its  old  data  mart  model 
to  an  enterprise  data  warehouse.  Far  from  stagnating  Cinergy’s 
architecture,  transaction  outsourcing  has  improved  it.  “I  would 
never  have  been  able  to  bring  that  [enterprise  data  warehouse] 
into  this  company  as  quickly  if  we  tried  to  do  it  ourselves,”  says 
Gaines.  DBA  Direct  “had  that  core  competence  because  it’s  their 
business.  It  wasn’t  rocket  science.  But  the  need  was  so  urgent  for 
us— we  had  customers  in  the  business  who  were  building  new 


“With  help  desk,  the  transaction  is  pretty  simple.  I  know  it’s  successful 

because  I  hear  so  little  about  it.”  -Guyde Poerck,  CIO,  International  Finance  Corp. 


have  cleaned  up  internal  processes,  outsourcing  transactions  is 
going  to  reinforce  silos.  And  that  can  make  your  internal  architec¬ 
ture  messier  and  messier.”  Over  time,  a  weak  enterprise  architec¬ 
ture  could  inhibit  a  company’s  ability  to  respond  to  changing 
market  conditions. 

Cinergy  could  have  fallen  into  that  trap.  Before  CIO  Gaines’s 
arrival  in  2002,  the  company  had  commenced  a  transaction  rela¬ 
tionship  with  DBA  Direct  to  do  database  administration  for  its 
commercial  energy  business  unit  only.  At  the  time,  Cinergy  IT 
was  decentralized,  with  each  of  the  company’s  four  business  units 
operating  autonomously.  The  DBA  Direct  deal  “worked  reasonably 
well  and  served  its  purpose,”  Gaines  says.  “But  there  was  not  a  lot 
of  visibility  into  it.  It  was  filling  a  rather  specific  need  in  that  busi¬ 
ness  unit,  and  it  wasn’t  scalable.” 

When  Gaines  took  the  reins,  he  was  charged  with  centralizing 
IT  for  the  $4.7  billion  company.  One  of  his  first  acts  was  a  review 
of  Cinergy’s  entire  IT  service  delivery  model.  He  also  looked  ahead 


applications  dependent  on  having  a  data  warehouse— that  finding 
a  partner  like  them  was  important.” 

CIOs  should  not  be  lulled  into  believing  that  success  with  trans¬ 
action  relationships  means  they’re  ready  for  riskier  adventures  in 
outsourcing.  According  to  Ross,  knowledge  from  transaction  out¬ 
sourcing  does  not  necessarily  transfer  to  other,  more  complex  types 
of  outsourcing.  “You’ll  never  find  the  level  of  success  you  have  with 
transaction  relationships  in  other  types  of  outsourcing  because 
nothing  else  is  as  extractable,”  she  says. 

Smart  CIOs  who  have  found  success  in  transaction  relation¬ 
ships  know  this,  and  consequently,  they  approach  all  outsourc¬ 
ing-even  further  transaction  relationships— with  due  caution. 
“With  transaction  relationships,  you  tend  to  find  a  lot  of  happy 
people.  They’re  outsourcing  smaller  pieces  of  IT,”  says  Ross.  “But 
the  bigger  it  gets,  the  riskier  it  gets.”  EEl 


Senior  Editor  Stephanie  Overby  ( soverby@cio.com )  covers  outsourcing. 


62 


OCTOBER  1,  2005  |  www.cio.com 


GREAT  PARTNERSHIPS  BEGIN  WITH  SUN 

MORE  THAN  1,600  APPLICATIONS  FOR  SOLARIS  ON  x86/x64  SYSTEMS 


i'bea 

Think  liquid.' 


IBM, 


Information  Management  Software 


IBM. 


Rational. 


software 


IBM. 


Tivoli 


software 


“We  trust  that  the  superior  performance  and  scalability 
of  Solaris  10  will  pave  the  way  for  more  business, 
and  our  technology  will  become  a  very  powerful 
and  profitable  combination.  Now  we  can  scale  our 
solution  according  to  our  customers’  needs  and  move 
vertically  and  horizontally  to  be  able  to  support 
millions  of  corporate  and  retail  banking  clients  with 
absolute  ease,  high  flexibility  and  strong  reliability." 
-DS3 


IBM. 


WebSphere 


software 


■TIBCCT 

The  Power  of  Now® 


ROGUE  WAVE 

SOFTWARE 


A  QUOVADX  DIVISION 

SUNGARD 


Symantec. 


EMC2 

where  information  lives" 


"Oracle  and  Sun  deliver  technical  innovation  and 
value  through  our  joint  engineering  efforts  to 
help  reduce  the  cost  and  complexity  associated 
with  data  management.  Oracle  Database  log,  in 
conjunction  with  the  superior  functionality  of  the 
Solaris  10  OS  and  flexibility  of  Sun  servers  based 
on  the  AMD  Opteron  processor,  offers  proven 
performance,  reliability,  and  security  to  thousands 
of  customers  around  the  world"  —Oracle 


“Speed,  transparency,  support,  virtual  memory,  and 
the  Java  Desktop  System  software  make  Solaris  10 
our  operating  system  of  choice.”  —  DataXpress 


I  soiaris 


SUN.COM/SOLARIS 


share 


microsystems 


J :/ 

p 


©  2005  SUN  MICROSYSTEMS,  INC.  ALL  RIGHTS  RESERVED.  SUN,  SUN  MICROSYSTEMS,  THE  SUN  LOGO,  SOLARIS  AND  THE  SOLARIS  LOGO  ARE  TRADEMARKS  OR  REGISTERED  TRADEMARKS  OF  SUN  MICROSYSTEMS. 
INC.  IN  THE  UNITED  STATES  AND  OTHER  COUNTRIES. 


CIO  LEADERSHIP 


Travel  the  path 
to  leadership  with  CIOs 
who  have  been  there... 


Targeted  essays  on  how  to  be  a  better  IT  leader. 

•  Essential  skills  and  career  planning 

•  Strategic  planning  and  alignment 

•  Staff  management 

•  Influence  and  negotiation 

•  Executive  relations  and  politics...  and  more 

Drawn  from  the  real-world  experience  of  veteran 
CIO  columnists: 

•  Patricia  Wallington,  Former  CIO  of  Xerox 

•  Jerry  Gregoire,  Retired  CIO  of  Dell  Computer 

•  Susan  Cramm,  Executive  Coach,  Former  CIO  of 
Taco  Bell 

•  Christopher  Hoenig,  Managing  Director  of 
Strategic  Issues  for  the  U.S.  Government 
Accountability  Office 


THE  ESSENTIAL 


Leadership  Strategies  for  Personal 
and  Professional  Success 


Targeted  essays  from  CIO  magazine 

Edited  by  Richard  Pastore 
and  Edward  Prewitt 


Now  available  in  hardcover  at 

The  CIO  Store 


The  Resource 
for  Information 
Executives 


FOR  EXECUTIVE  DECISION-SUPPORT  TOOLS,  VISIT  THE  CIO  STORE-THE  CIO’S  KNOWLEDGE  MARKETPLACE. 

www.TheCIOStore.com 


Solutions  for  th 


ptive  enterprise 


The  best  view  in  the  city,  the  country,  the  world. 

At  one  time,  DHL  had  a  data  center  in  every  country  in  which 
it  operated.  The  result  was  a  massive  collection  of  small  IT 
networks  — without  a  mission  control.  With  the  help  of  HP 
Services  and  HP  OpenView  software,  hundreds  of  data  centers  " 

became  three.  By  consolidating,  DHL  is  now  better  able  to  share  -- 

information,  implement  IT  changes  globally  and  “see”  their  .  - 
entire  network  from  a  single  point  of  control.  Now,  change  never 
goes  unnoticed.  For  more  on  HP’s  Consolidation  Solutions,  visit 
hp.'com/info/consolidation  -  ' 


■  -  ■  ■*r 

■“5&353E*! 


m:  ■:  - ' 


**.  •  ~  - 
_ - - "  ' 

•— »r 


~ T’Jm 

v*.-. *'  —  ...  *  *C  — 

■?■*!#£,  :  ... 


-V  T‘  *  — ! 


.  .. 


SPECIAL  ADVERTISING 


STOP 

SEARCHING. 

Looking  for  a  way  to  lower  your  compliance 
costs  and  increase  the  efficiency  of  your  IT 
infrastructure  while  growing  your  business? 


Discover  HP  Compliance  and  Consolidation 
solutions.  Visit  the  IDG-HP  Enterprise  Center 
featuring  industry  insights  by  IDC,  and  get 
your  free  executive  brief  today. 


FINDING 


www.idgpartners.com/ec 

Click  to  download  free  executive  briefs, 
case  studies  and  to  find  out  how  HP 
solutions  can  help  you. 


Consolidation: 

IT  consolidation  is  gathering  steam  in  the 
marketplace  as  companies  of  all  types 
struggle  with  increasing  infrastructure 
demands,  smaller  budgets,  and  changing 
business  practices.  This  report  identifies 
the  current  drivers  for  IT  consolidation, 
describes  the  benefits  and  types  of 
consolidation,  and  provides  advice  on 
selecting  the  right  IT  consolidation  vendor. 


Compliance: 

Government  regulations  such  as  HIPAA, 
Sarbanes-Oxley,  and  Gramm-Leach-Bliley 
have  placed  unprecedented  pressure 
on  companies  to  secure  the  authoring, 
updating,  publishing,  and  archiving  of  their 
electronic  documents  and  communications. 
This  report  examines  the  new  regulatory 
demands  and  describes  how  companies 
can  leverage  compliance  technology  and 
processes  for  greater  business  advantage. 


SIDG  ra 

INTERNATIONAL  DATA  GROUP  invent 


The  hardestthingto  do  with 
a  computer  isn’t  buying  it 
orsettingituporusingitor 
fixing  it.The  hardest  thing 
isthrowingitaway. 

To  dispose  of  just  one  PC  without  expos¬ 
ing  sensitive  personal  or  corporate  data, 
without  running  afoul  of  environmental 
regulations  and  without  wasting  what  can 
be  reused  requires  planning  and  time  and, 
yes,  money. 

And  that’s  just  one  PC.  According  to  the 
International  Association  of  Electronics 
Recyclers,  about  100  million  pieces  of 
computer  equipment  a  year  are  being 
added  to  the  massive  heap  of  what’s  called 
"e-waste."  By  2010  that  heap  will  contain 
1  billion  units  of  computer  equipment. 

Out  of  all  that  junk,  only  40  million  CPUs, 
monitors  and  printers  annually  are  properly 
“demanufactured”  to  safely  dispose  of  the 
hazardous  waste  encased  inside  and  to 
recycle  the  reusable  materials. 

Every  computer  contains  more  than 
30  elements,  many  of  them  highlytoxic. 
Deconstructing  them  is  the  disposition 
business.  And  it’s  booming.  The  business 
of  throwing  away  computers  is  growing 
faster  than  the  market  for  buying  them. 

For  CIOs,  it’s  time  to  create  a  plan  for 
safely  disposing  of  your  computers.  Most 
companies  don’t  have  this  kind  of  plan. 
Heck,  most  companies  don’t  even  know 
where  their  old  computers  are.  Recyclers 
talk  about  discovering  thousands  of 
machines  that  no  one  knew  even  existed, 
piled  up  in  closets.  Out  of  sight,  out  of  mind. 

Maybe  junking  those  old  Pentium  I  Is  is 
something  you’ve  been  meaning  to  get 
around  to.  Maybe  it’s  on  your  to-do  list  but 
way  down.  You  have,  what,  hundreds  of 
computers  to  get  rid  of?  Thousands? 

What  to  do? 

Turn  the  page>» 


S38S5& 

SWQvIWv  • 


jltiii 


Wfr 


f  OCTOBER  1.  200' 


€5 


WBxmm 


Step  1>  Find  Them.  Decide  What  to  Do  with  Them. 

Your  choices:  Redeploy,  sell,  donate,  chop  up  for  parts,  chop  up  for  recycling 


Before  you  get  rid  of  a  computer,  you  have  to  find  it.  Stampp 
Corbin,  CEO  of  information  technology  disposition  company 
Retro  Box,  recalls  one  company  that  had  9,000  employees  on  its 


What  Happens  to  Old  Computers 


The  distribution  cut  in  an  average  Fortune  100  company 


books  but  23,000  computers,  many  of  which  were  dead  and 
stacked  in  hallways,  closets,  attics  and  basements.  That  translates 
to  about  2.5  PCs  per  employee.  “Typically,  thousands  of  machines 
come  out  they  didn’t  even  know  they  had,”  Corbin  says. 

After  you  find  your  machines,  you  need  to  sort  them  by 
their  likely  fate— redeployment,  resale,  donation,  chopped  up 
for  parts  or  chopped  up  for  recycling. 

Situations  vary,  and  as  computers  surface  the  CIO  and  the 
disposition  company  should  build  a  reverse  logistics  plan. 
Bold  CIOs  will  create  a  repeatable  disposition  process,  an  end- 
of-life  asset  management  plan  as  comprehensive  as  their  asset 
deployment  plan. 


Junked  completely  and  shredded 
and  ground  down  for  recycling 
and  environmental  disposal 


Repaired, 
refurbished  then 
redeployed,  resold 
or  donated 


SOURCE:  RetroBox 


Step  2 1  Get  Rid  of  the  Data. 

Your  choices:  Do  it  yourself  or  get  someone  to  do  it  for  you:  save  or  destroy  the  hard  drive 


Hard  drives  must  be  wiped.  This  is  not  optional.  The  risk  of  not 
wiping  drives— the  potential  liability  if  sensitive  information  gets 
out— easily  justifies  the  cost  of  doing  it.  Two  years  ago,  the  state  of 
Kentucky  got  rid  of  computers  that  still  contained  confidential  files 
naming  people  who  had  AIDS  and  other  STDs.  In  May,  the  state  of 
Montana  disposed  of  hard  drives  that  still  had  Social  Security  num¬ 
bers  and  medical  records  on  them.  Then  there  are  the  risks  of  losing 
computers  in  transit  or  even  of  competitors  trying  to  get  their  hands 
on  them. 

Data  wipes  come  in  several  fla¬ 
vors,  each  with  pros  and  cons. 

First,  decide  if  you’ll  sanitize  the 
drives  at  your  site  or  if  you’ll  ship 
them  off  to  the  cleaning  company’s 
site.  Bringing  the  cleaners  to  your 
site  is  more  secure— and  pricier.  If 
you  send  the  computers  out,  put  a 


Cost  vs.  Security 


The  more  complete  the  data  wipe,  the  higher  the  cost 


fifift 


Security 


Quick  Fact:  Don’t  Quit  Your  Day 
Job  to  Mine  Computers! 

The  combined  worth  of  the  precious 
metals  (gold  and  silver)  in  5,000  old 
PCs  is  only  about  $230.  Newer  PCs 
have  even  less. 


Government  wipe 
at  their  place 

Basic  wipe 
at  their  place 


§  No  wipe 


$ 

SOURCE:  CIO  Reporting 


BIOS  password  on  their  systems  to  prevent  access  to  their  drives. 

Next,  decide  if  you  want  to  do  a  basic  wipe,  a  government  wipe  or 
more.  A  basic  wipe  will  write  a  0  on  every  drive  sector  in  one  pass. 
A  basic  wipe  is  fastest  and  cheapest,  but  it  leaves  traces.  Motivated 
hackers,  could  possibly  retrieve  the  data  under  the  Os. 

The  Department  of  Defense  standard  5220.22-M  dictates  a  stronger 
scrub.  The  so-called  government  wipe  makes  three  overwrites  on  the 
disk.  The  first  wipe  puts  Os  on  sectors,  the  second,  Is,  and  the  third, 
a  random  character.  The  more  times  the  process  is  repeated,  the  less 

likely  anyone  could  get  anything 
off  the  drive. 

More  scrubbing  means  more 
time  (and  money).  A  single  over¬ 
write  on  a  40GB  hard  drive  can 
take  20  minutes.  A  government 
wipe  can  take  up  to  three  hours. 

A  more  secure  option  exists: 
degaussing,  in  which  a  giant 
magnet  delivers  negative  and 
positive  jolts  to  the  hard  drive, 
destroying  it.  But  since  the  hard 
drive  accounts  for  about  two- 
thirds  of  the  recovery  value  of  an 
old  PC’s  parts,  degaussing  carries 
a  steep  cost. 


Degauss  at  your  place 
Degauss  at  their  place 

Government  wipe 
at  your  place 

Basic  wipe 
at  your  place 


Cost 


$$$ 


66 


OCTOBER  1,  2005  |  www.cio.com 


Oracle  Database 


World's  #1  Database 


(s/oW 

A 


For  Small  Business 


Easy  to  use.  Easy  to  manage. 
Only  $149  per  user. 


oracle.com/standardedition 
or  call  1.800.633.0753 

Terms,  conditions,  and  limitations  apply.  Pricing,  specifications,  availability  and  terms  of  offers  may  change 
without  notice.  Taxes,  fees  and  shipping  charges  extra,  vary  and  are  not  subject  to  discount.  Oracle 
Database  Standard  Edition  One  is  available  with  Named  User  Plus  licensing  at  $149  per  user  with 
a  minimum  of  five  users  or  $4995  per  processor.  Licensing  of  Oracle  Standard  Edition  One 
is  permitted  only  on  servers  that  have  a  maximum  capacity  of  2  CPUs  per  server. 

For  more  information,  visit  oracle.com/standardedition 

Copyright  ©  2005,  Oracle.  Oracle,  JD  Edwards,  PeopleSoft  and  Retek  are  registered  trademarks  of  Oracle  Corporation  and/or  its  affiliates. 

Other  names  may  be  trademarks  of  their  respective  owners. 


In  Effect 


The  Regulations 


Recycling  is  not  just  the  right,  green  thing  to  do.  It’s  the  law. 

Two  pieces  of  decades-old  law  govern  e-waste:  the  so-called  Superfund 
legislation  and  the  Resource  Conservation  and  Recovery  Act  CRCRA}. 

It's  unclear  how  forcefully  governments  enforce  these  laws  in  terms  of 
e-waste.  Most  stories  of  companies  getting  fined  are  anecdotal.  In  one 
study,  Gartner  suggests  that  one  corporation  paid  a  $200,000  fine  for 
improper  disposal,  but  doesn't  get  more  specific  than  that.  A  disposition 
company,  Green-Tech  Assets,  warns  that  the  Environmental  Protection 
Agency  can  levy  fines  of  $15,000  per  incident  and  $25,000  per  day  for 
improper  disposal.  But  Jim  Lynch,  program  manager  for  CompuMentor, 
a  nonprofit  computer  recycling  and  reuse  center,  believes  fines  are  rare 
and  enforcement  spotty  at  best.  "Ask  around  and  you  never  get  a  straight 
answer,"  he  says. 

That  could  be  changing.  Laws  specifically  targeting  e-waste  are  being 
enacted  now,  with  more  on  the  way.  Although  many  are  consumer- 
focused,  some  will  target  corporate  e-waste.  One  of  the  toughest  laws, 
called  the  Waste  Electrical  and  Electronic  Equipment  Directive  (WEEE}, 
went  into  effect  in  Europe  in  August. 

See  the  box  at  right  for  a  sample  of  laws  and  pending  legislation. 


»  The  California  Electronic  Waste  Recycling  Act 
of  2003:  An  "advanced  recycling  fee"  law,  it’s 
essentially  a  bottle  bill  for  electronics.  You  pay  a 
“deposit"-an  extra  $6  to  $10-when  you  buy 
something  electronic,  and  get  the  money  back 
when  you  turn  in  the  equipment. 

»  Restriction  of  Hazardous  Substances  Directive 
(ROHS):  A  European  Union  regulation  that  phases 
out  the  use  of  many  of  the  most  dangerous  toxins 
in  electronics,  including  lead  and  mercury. 

»  Waste  Electrical  and  Electronic  Equipment 
Directive  (WEEE):  The  European  Union  mandates 
"producer  responsibility."  That  is,  manufacturers 
must  take  back  and  deal  with  dead  equipment. 


Pending 


»  Talent-Wyden  E-Waste  Bill:  This  bipartisan 
proposal,  which  would  provide  tax  incentives  to 
businesses  that  recycle  electronics,  was  folded 
into  the  bipartisan  McCain-Lieberman  energy  bill. 

»  Maine’s  Television  and  Computer  Monitor 
Recycling  Law:  Effective  2006,  this  “shared 
responsibility”  law  makes  manufacturers  respon¬ 
sible  for  disposal,  and  cities  and  waste  companies 
responsible  for  collection. 


Your  Computer  Deconstructed 


The  elements  contained  in  most  PCs 


Step  3l Finally,  Send  Them 
to  Their  Reward. 


SOURCE:  Silicon  Valli 


Silica  25% 


Plastic  23% 


Iron  20% 


Aluminum  14% 


Copper  7% 


Lead  6% 
Zinc  2% 
Tin  1% 
Nickel  1% 
Other  1% 


The  disposal  guys  call  it  “shred,  grind, 
separate,  refine,  smelt,  melt  and  pelletize” 


After  their  disks  have  been  wiped,  computers  head  off  in  various  direc¬ 
tions.  Some  get  a  light  dusting  and  a  technical  refresh  and  are  shot  off  to 

the  secondary  market  for  resale.  Others 
are  pegged  for  donation.  Companies 
with  a  truly  thorough  asset  manage¬ 
ment  plan  might  even  redeploy  some, 
turning  old  desktops  into,  say,  Linux 
servers.  Older,  less  useful  computers 
can  be  cannibalized  for  parts. 

After  all  that,  what’s  left  are  the  dregs. 
The  dregs  include  three  types  of 
materials:  recyclable  commodities, 
recyclable  precious  metals  and  poison. 
(See  “The  Weight  of  Waste,”  Page  70.) 

Proper  disposition  gets  labor-  and 
cost-intensive  here.  Computers  take 
time  and  a  lot  of  labor  to  disassemble. 
According  to  one  published  report,  a  disposition  company  once  told 
the  Government  Accountability  Office  that  to  remove  the  lithium  bat- 


QuickFact: 

No  Tax  Break  for  You! 

Despite  what  you  might  believe, 
there’s  no  current  uniform  tax 
deduction  for  donating  comput¬ 
ers  to  charity  because  the  laws 
that  once  granted  deductions 
are  no  longer  in  force.  Current 
accounting  practices  fully  depre 
ciate  PCs  in  three  years,  after 
which  they  have  no  donation  (or 
accounting)  value— a  puzzling 
disincentive  to  doing  the  right 
thing  with  old  equipment. 


68  OCTOBER  1,  2005  |  www.cio.com 


PHOTO  BY  GETTY  IMAGES 


WHERE  DO  7  OUT  OF  THE  TOP  10  FORTUNE  100® 
TURN  FOR  THEIR  I.T.  NEEDS? 

TO  THE  BIGGEST  I.T.  COMPANY  YOU’VE  PROBABLY  NEVER  HEARD  OF... 


Presenting  Tata  Consultancy  Services,  TCS,  the  creator  of  the  Global  Delivery  Model  for  software 
development.  For  over  35  years  TCS  has  been  the  provider  of  choice  for  hundreds  of  customers 
around  the  globe,  including  37  of  the  Fortune  100®,  7  of  which  are  in  the  top  10.  TCS,  with 
revenues  of  $2.24  billion  (FY  2004-05),  serves  its  customers  with  over  45,000  expert 
associates  in  32  countries  around  the  globe,  including  9,000  employees  located  in  50  offices 
throughout  the  U.S. 

It’s  time  you  got  to  know  the  biggest  I.T.  company  you've  probably  never  heard  of.  For  a  more 
complete  introduction,  email  marketing@usa-tcs.com  or  visit  TCS  online  at  www.tcs.com. 


value:infinite 


IT  Consulting  /  IT  Solutions  /  Engineering  and  Industrial  Services 
BPO  /  IT  Infrastructure  Solutions  /  Product-Based  Solutions 


wlw 

TATA 

TATA  CONSULTANCY  SERVICES 


<.4 


v /•£ 

c  2005  Tata  Consultancy  Services  Ltd.  All  rights  reserved.  Tata  Consultancy  Services  and  the  Tata  Consultancy  Services  logo  are  registered  trademarks  of  feta  Consultancy  Services  ltd  1 


The  Weight  of  Waste 


What  5,000  computers  contain 


Loaded  with  as  much  as  four  pounds  of  lead,  CRTs  require 
extra  money  and  care  for  proper  disposal.  What’s  more,  the 
leaded  glass  inside  a  CRT  (“cullet”)  is  hard  to  recycle,  and  its 
reuse  is  limited  by  regulations.  The  recycling  industry  can  han¬ 
dle  only  about  125,000  tons  per  year  and  right  now  processes 
far  less  than  that  according  to  the  Electronic  Industry  Alliance. 

In 2000, 30  million  poun  of  lead-bearing 

CRTs  were  trashed,  and  ,  that  total  will  rise  to 


SOURCE:  CIO  Reporting 

OCTOBER  1,  2005  | 


Computer  products  installed  and  scrapped 


www.cio.com 


tery  from  a  single  Hewlett- 
Packard  computer  required 
the  removal  of  30  screws. 

Once  a  computer  has  been 
disassembled,  the  parts  that 
have  no  reuse  value  head  off 
to  a  violent  death.  They  will 
be  run  through  any  number 
of  large,  expensive  machines 
in  a  process  the  International  Association  of  Electronics  Recy¬ 
clers  describes  as  “shred,  grind,  separate,  refine,  smelt,  melt  and 


pelletize.”  Different  materials  are  ground  into  different  sizes, 
from  the  size  of  a  quarter  to  the  size  of  a  pinhead. 

Metals  and  plastics  are  sold  to  dealers  by  the  pound.  Toxic  waste 
is  shipped  off  to  an  environmental  disposal  company.  Precious  met¬ 
als  are  dealt  with  as  well.  Some  disposition  companies  perform 
these  processes  themselves.  Others  offload  the  heavily  regulated 
toxic  waste  disposal  and  partner  with  companies  that  specialize  in 
those  specific  environmental  processes.  (For  more  on  the  disposition 
business,  see  “Worth  Its  Weight  in  Waste,”  zvww.cio. com/100105.) 


2010 


Senior  Editor  Scott  Berinato  can  be  reached  at  sberinato@cio.com. 


2003 

SOURCE:  International  Association  of  Electronics  Recyclers 


CIOs  should  make  sure  that  the  disposition  and  environmental 
disposal  companies  they  deal  with  carry  “errors  and  omission” 
insurance  as  well  as  pollution  insurance.  (See  “The  Regulations,” 
Page  68.)  The  prices  these  commodities  bring,  minus  the  cost  of 
disposal,  help  to  offset  the  overall  disposition  costs.  QE1 


Throwaway  Culture 


PHOTO  TOP  BY  GETTY  IMAGES:  BOTTOM  BY  RACHEL  BARNETT 


MORE  BUSINESS 
CONFIDENCE. 


With  ProCurve  Networking  by  HP,  you  choose  from  a  comprehensive  set  of  security  solutions —  each 
designed  to  help  protect  your  growing  company.  You  get  exclusive  products  like  ProCurve  Secure  Router, 
Virus  Throttle,  Identity  Driven  Management  and  Access  Controller  Module.  And  unlike  most  other 
providers,  ProCurve  ensures  critical  network  security  at  the  edge  where  users  connect  as  well  as  at  the 
vulnerable  core.  Edge-to-edge  security  means  less  downtime,  more  uptime.  ProCurve  means 
more  security,  more  affordably. 


Find  out  more  about  ProCurve  Networking.  Call  800-975-7684  Ref  Code  51  or 
download  informative  reports  complete  with  case  studies  and  cost-of-ownership 
analysis  at  www.hp.com/learn/procurvel. 


ProCurve  Networking 


HP  Innovation 


©2005  Hewlett-Packard  Development  Company,  L.R 


MmM 


aftaHB 


I 

'£(.  ii&A  •  •h-'-  :'y‘v' .V''; 

II a'OsOWF 
ftsssS 5ft.ss>; 


si* 


Using  customer  segmentation,  RBC 
Financial  Group  CIO  Martin  Lippert 
says  his  team  noticed  a  subsegment 
of  people— retired  snowbirds— who 
represented  a  sweet  spot  of  untapped 
potential  for  the  bank. 


72  OCTOBER  1,  200 


PHOTOGRAPHY  BY  JOHN  HYRNIUK 


RBC  Royal  Bank  is  one  of  the 
few  companies  that  actually 
gets  it.  Here’s  how  the  bank 
has  grown  its  market  share  by 
courting  specific  customer 
segments,  such  as  retired 
snowbirds  and  future  doctors. 

BY  ALICE  DRAGOON 


HOW  TO  DO 

CUSTOMER 

SEGMENTATION 

mftUT 

un  I 


If  banks  could  choose  their  customers  the  way  kids  choose 
sides  on  the  playground,  customers  in  the  18-to-35  age  bracket 
would  be  picked  last.  With  their  relatively  small  incomes,  low 
account  balances  and  large  student  loan  debts, 
young  customers  aren’t  exactly  the  sort  over 
whom  the  average  bank  salivates. 

At  RBC  Royal  Bank,  however,  executives  rec¬ 
ognized  that  some  of  those  impecunious  young 
customers  might  eventually  turn  into  wealthy, 
profitable  customers.  So  RBC  analysts  pored 
through  the  bank’s  data  on  its  young  customers 
looking  for  subsegments  with  a  strong  potential 
for  rapid  income  growth.  Their  analysis  identi¬ 
fied  medical  school  and  dental  school  students 
and  interns  as  a  group  with  a  high  potential  to 
turn  into  profitable  customers.  So  in  2004  the 
bank  put  together  a  program  to  address  the  finan- 


Reader  ROI 

::  How  understanding 
your  customers’  needs 
can  boost  profits 

::  How  to  segment 
customers  according 
to  their  necessities  at 
each  life  stage 

::  Why  segmenting  by 
age  or  revenue  alone 
is  ineffective 


www.cio.com  |  OCTOBER  1,  2005  73 


Customer  Segmentation 


RBC  Financial  Group  VP  Gaetane  Lefebvre:  “Profitability  is  extraordinarily  important  and 
it's  where  you  want  to  start.  But  it’s  not  very  informative  for  understanding  client  needs.” 


cial  needs  of  credit-strapped  young  medical  professionals,  including 
help  with  student  loans,  loans  for  medical  equipment  for  new  prac¬ 
tices  and  initial  mortgages  for  their  first  offices.  Within  a  year,  RBC’s 
market  share  among  customers  in  this  subsegment  has  shot  up  from 
2  percent  to  18  percent,  and  the  revenue  per  client  is  now  3.7  times 
that  of  the  average  customer.  Martin  Lippert,  vice  chairman  and 


74 


CIO  at  RBC  Financial  Group,  says  the 
bank’s  willingness  to  help  these  young 
professionals  get  started  will  likely  be 
rewarded  with  a  lower  attrition  rate  down  the  road. 

“We  may  have  customers  we’re  not  making  money  on,  but  we  look 
at  that  as  more  our  problem  than  the  customer’s,”  Lippert  says.  “Our 
opportunity  lies  in  finding  what  the  needs  of  the  customer  might  be 
so  we  can  offer  them  additional  products  and  get  them  to  a  point 
where  we’re  making  some  return.” 


OCTOBER  1,  2005  |  www.cio.com 


While  lots  of  companies  claim  they’re  customer-centric,  RBC  is 
one  of  just  a  handful  of  organizations  that  segment  customers  based 
on  customer  needs,  not  their  own.  And  by  focusing  its  operations  on 
addressing  those  needs,  RBC  has  grown  its  market  capitalization 
from  $18  billion  almost  six  years  ago  to  close  to  $50  billion  today. 

So  far,  few  companies  are  as  sophisticated  at  segmenting  cus¬ 
tomers  as  RBC.  Many  don’t  do  any  customer  segmentation  at  all,  and 
those  that  do  typically  don’t  reap  much  value  from  the  exercise 
because  they  segment  on  the  wrong  criteria.  Precise,  needs-based 
customer  segmentation  is  time-consuming  and  difficult,  and  very 
much  in  its  infancy.  But  it’s  worth  doing  because  it  enables  cost- 
effective  targeting  of  customers  with  product  and  service  offerings 
that  match  their  needs.  That  kind  of  precise  targeting  obviates 
spending  a  bundle  on  largely  ineffective  mass  mailings— and  alien¬ 
ating  customers  with  irrelevant  offers.  It’s  the  quintessential  win- 
win:  Customers  get  what  they  want  and  subsequently  buy  more; 
companies  waste  less  money  and  increase  sales  and  profits. 

“The  more  you’re  able  to  do  for  the  customer,  the  more  likely  she 
is  to  pay  attention  to  the  next  offer,”  says  Martha  Rogers,  coauthor 
of  Return  on  Customer  and  cofounder  of  Peppers  &  Rogers  Group. 
Yet  “companies  are  not  doing  nearly  so  much  as  they  can.” 


that’s  hardly  ever  the  case.  He  maintains  that  an  effective  segmenta¬ 
tion  strategy  should  begin  with  a  profitability  analysis,  divvying  cus¬ 
tomers  into  10  deciles  ranging  from  most  to  least  profitable.  When  he 
segmented  one  major  retailer’s  customers  by  revenue,  some  that  had 
the  largest  revenue  generated  among  the  lowest  gross  profits.  And  to 
get  a  true  picture  of  profitability,  banks  need  to  think  about  the 
amount  of  capital  they  must  allocate  to  high-risk  customers. 

It’s  not  a  given  that  all  or  even  most  customers  within  a  certain  prof¬ 
itability  decile  are  necessarily  alike.  Even  so,  understanding  which 
customers  are  profitable  and  which  aren’t  is  a  good  starting  point.  The 
trick  is  to  delve  into  each  profitability  segment  to  look  for  hints  of  pos¬ 
sible  subsegments,  that  is,  customers  whose  behavior  patterns  or 
other  shared  characteristics  suggest  they  might  have  common  unmet 
needs.  Once  RBC  identified  the  shared  unmet  needs  of  young  med¬ 
ical  professionals,  it  was  able  to  put  together  targeted  offers  to  meet 
those  needs  and  increase  the  profitability  of  that  subsegment.  “The 
goal  for  segmentation  is  to  put  customers  in  homogeneous  groups 
based  on  common  needs  and  wants  that  you  can  act  on  with  a  com¬ 
mon  solution,”  says  Selden.  “So  who  are  all  the  people  you  can  go  at 
with  a  common  offer  that  will  make  you  a  boatload  of  money?” 


The  Wrong  Way  to  Segment  Customers 

Many  segmentation  efforts  today  are  an  exercise  in  futility  because 
companies  are  basing  their  segments  on  inappropriate  criteria, 
says  Larry  Selden,  coauthor  of  Angel  Customers  &  Demon  Customers 
and  professor  emeritus  of  finance  and  economics  at  Columbia  Busi¬ 
ness  School.  As  a  result,  organizations  often  wind  up  with  seg¬ 
ments  that  drain  resources,  instead  of  with  segments  that  lead  to 
more  effective  ways  of  running  the  business  or  meeting  customers’ 
needs.  For  convenience,  companies  that  are  organized  along  prod¬ 
uct  lines  often  segment  customers  by  the  products  they  buy.  This 
approach,  however,  risks  alienating  customers  in  two  ways:  Cus¬ 
tomers  who  happen  to  be  in  more  than  one  segment  get  bombarded 
with  multiple  uncoordinated  offers.  And  big  spenders  in  one  prod¬ 
uct  category  who  start  buying  in  a  second  category  are  justifiably 
miffed  when  they’re  treated  as  strangers. 

Segmenting  by  demographics  is  also  quite  common,  but  it’s  gen¬ 
erally  not  useful  unless  customer  needs  happen  to  align  neatly 
with  demographic  characteristics.  Lego  customers’  needs,  for 
example,  do  tend  to  shift  with  age.  Preschoolers,  after  all,  play  very 
differently  from  kids  who  are  between  5  and  14  years  old  (what 
Lego  calls  the  in-school  segment).  And  the  30,000-plus  adult  fans 
of  Legos  tend  to  be  hobbyists  with  a  completely  different  mind-set 
altogether.  Yet  considering  age  alone  isn’t  sufficient;  Lego  also  looks 
at  what  users  do  with  their  bricks.  In-school  kids  who  focus  on 
building  when  they  play  will  likely  want  plain  bricks,  but  those 
who  focus  on  role-playing  usually  gravitate  toward  themed  sets. 
Cases  in  which  demographics  alone  are  an  indicator  of  a  common 
need  are  generally  rare. 

A  lot  of  companies  segment  customers  by  revenue,  intuitively 
assuming  that  revenue  is  a  good  indicator  of  profit.  But,  Selden  argues, 


The  Royal  Bank  Way 

Determining  your  customers’  needs  is  not  a  onetime  exercise. 
Although  this  means  you  can  never  be  done  with  the  process  of  needs 
identification,  the  good  news  is  that  you  don’t  have  to  be  perfect  on  the 
first  go-round.  Effective  segmentation  is  an  exercise  in  fine-tuning. 
For  instance,  RBC  started  back  in  1992  with  just  three  customer  seg¬ 
ments:  high,  medium  or  lower  profitability.  Over  time,  RBC’s  seg- 


so  EASY  a 


CEO 


CAN  DO  IT. 


Polycom  makes  voice,  video,  and  data  conferencing  as  easy  and 
intuitive  as  dialing  a  phone.  So  you  experience  humanity,  rather  than 
technical  difficulties.  To  learn  more  about  conference  technology 
made  incredibly  simple,  visit  polycom.com/experience 

&  POLYCOM 

VIDEO  VOICE  DATA  WEB  TOGETHER,  GREAT  THINGS  HAPPEN.  * 


Customer  Segmentation 


Tips  for  Successful  Segmentation 


1 


Put  each  customer  in  only  one  segment.  Otherwise,  customers  can  get 
bombarded  with  multiple,  uncoordinated  offers. 


2  Be  channel-neutral.  Customers  should  get  the  same  offers  no  matter  which 
channel  they  use.  So  custom  product  recommendations  should  be  available 
to  all  customer-facing  employees  and  delivered  to  customers  who  go  online. 

3  Give  customer-facing  employees  specific,  action-oriented  intelligence. 

Don’t  give  them  data  that’s  open  to  interpretation.  Tell  them  exactly  which 
offer  is  most  appropriate  for  each  customer. 

4  At  the  outset  of  customer  segmentation,  give  the  sales  force  only  the  best 
leads  to  ensure  a  very  high  success  rate.  Once  the  sales  force  sees  the  value 
of  segment-driven  sales  recommendations,  you  can  expand  the  lead  list  to  include 
more  customers,  giving  a  “propensity  to  buy”  score  for  each  so  that  reps  under¬ 
stand  what  level  of  receptivity  to  expect. 


5 


Give  a  senior  manager  P&L  responsibility  for  each  segment. 


6  Put  senior  management  in  charge  of  driving  segmentation.  As  RBC  Financial 
Group  Vice  Chairman  and  CIO  Martin  Lippert  notes,  companies  may  miss 
part  of  the  customer  perspective  if  only  a  single  line  of  business  is  pushing 
segmentation.  Also,  segmentation  is  less  prone  to  budgetary  constraints  if  it’s 
funded  by  the  enterprise  instead  of  by  a  single  group. 

7  Start  small,  then  evolve.  First  divide  customers  into  a  few  coarse  segments, 
then  gradually  break  them  into  smaller,  more  precise  subsegments.  But  don’t 
wait  until  you’ve  got  it  all  perfect.  Just  begin.  -A.D. 


mentation  process  has  become  much  more 
sophisticated.  Today  the  bank  has  more  than 
80  customer  models  in  its  data  warehouse, 
and  each  month  it  scores  all  of  its  eligible  cus¬ 
tomers  on  all  relevant  strategic  and  tactical 
models.  (Someone  who  already  has  a  line  of 
credit  at  RBC,  for  example,  would  not  be 
scored  against  a  model  that  predicts  the  like¬ 
lihood  of  acquiring  a  line  of  credit.  And  cus¬ 
tomers  who  have  opted  out  of  having  RBC 
use  their  information  for  promotional  pur¬ 
poses  aren’t  scored  at  all.)  Strategic  models— 
including  profitability,  life  stage,  potential, 
defection  risk,  client  commitment  or  loyalty 
and  overall  risk— help  the  bank  home  in  on 
customers’  needs  and  priorities.  Tactical 
models— such  as  propensity  to  buy,  the  like¬ 
lihood  of  a  customer  canceling  a  product  or 
service,  and  the  degree  to  which  a  customer 
uses  the  products  he’s  acquired— are  used  to 
identify  revenue  opportunities  and  generate 
lead  lists  for  employees  who  deal  directly 
with  customers.  Scoring  customers  monthly 
on  the  80-plus  models  is  helping  RBC  gen¬ 
erate  more  than  13  million  targeted  leads  each 
month.  Roughly  6  million  leads  are  used  by 
salespeople  to  reach  out  to  customers.  The 
other  7  million  are  called  “sales  opportuni¬ 
ties”  to  be  used  when  the  customer  initiates 
contact  with  RBC.  That  means  customer 
service  reps  and  branch  employees  have  tar¬ 
geted  product  pitches  to  offer  customers  after 
they’ve  handled  the  customer  request. 

The  three  most  critical  models  that  drive 
RBC’s  business  are  profit  potential,  current  profitability  and  life 
stage,  says  Gaetane  Lefebvre,  vice  president  of  client  knowledge  and 
insights  at  RBC  Financial  Group.  “If  you  have  these  three  things, 
you  can  fundamentally  manage  your  business  very  well,”  she  says. 
“Those  are  the  ones  we’ve  been  using  as  a  proof  of  concept  since  as 
early  as  1996.”  RBC’s  method  of  projecting  potential  for  each  cus¬ 
tomer  is  so  proprietary  that  Lefebvre  won’t  even  discuss  it,  aside 
from  saying  that  it  is  not  simply  a  lifetime  value  calculation.  (See 
“The  Lifetime  Value  Equation,”  Page  79.)  “Profitability  is  extraor¬ 
dinarily  important  and  it’s  where  you  want  to  start,”  says  Lefebvre. 
“But  it’s  not  very  informative  for  understanding  client  needs.”  For 
that,  RBC  relies  heavily  on  its  life-stage  model.  Using  this  model 
(supplemented  by  focus  groups,  surveys  and  third-party  research) 
divides  individual  clients  into  five  strategic  life-stage  segments: 

1.  Youth:  These  clients  are  younger  than  18. 

2.  Getting  Started:  These  clients,  generally  between  18  and  35, 
are  going  through  first  experiences:  graduation,  first  credit  card, 
first  car,  first  loan,  marriage,  first  child. 

3.  Builders:  These  clients,  usually  between  35  and  50,  are  in  their 


peak  earning  years.  Typically  they  borrow  more  than  they  invest, 
as  they  build  families  and  careers.  With  many  expenses,  their  pri¬ 
mary  goal  is  to  manage  their  debt  load  effectively. 

4.  Accumulators:  Typically  between  50  and  60,  these  clients  are 
worried  about  saving  for  retirement  and  investing  wisely.  They  want 
to  know  if  they’ve  saved  enough  to  retire,  if  they’ll  have  to  change 
their  lifestyle  when  they  retire  and  if  they’ll  need  to  work  to  supple¬ 
ment  their  retirement  income. 

5.  Preservers:  The  primary  needs  of  these  clients,  who  are  usu¬ 
ally  older  than  60,  are  to  maximize  retirement  income  and  main¬ 
tain  the  lifestyle  they  desire.  They  typically  manage  multiple 
income  sources  and  are  starting  to  do  estate  planning. 

Lefebvre  and  her  team  overlay  these  life-stage  segments  with 
other  strategic  models  such  as  profitability,  potential,  client  credit 
risk  and  client  vulnerability  (risk  of  leaving  the  organization)  onto 
the  bank’s  objectives:  retaining  profitable  customers,  growing  cus¬ 
tomers  with  potential,  managing  and  controlling  customers  with 
higher  credit  risk  profiles  and  optimizing  the  costs  of  less  prof¬ 
itable  customers.  By  doing  so,  they  can  identify  opportunities  to 


76 


OCTOBER  1,  2005  |  www.cio.com 


make  a  difference  in  the  market,  she  says.  Once  the  bank  has  iden¬ 
tified  a  high-potential  opportunity,  it  models  the  opportunity  to 
see  how  much  it  might  grow  the  business.  Then  RBC  fine-tunes  and 
validates  the  offer  with  100  to  200  customers  in  focus  groups  or 
client  interviews.  If  the  offering  is  complex  or  demands  significant 
investments  of  bank  resources,  RBC  will  often  verify  the  results 
through  further  qualitative  research  or  a  pilot,  testing  different 
offers  and  creative  among  thousands  of  customers  before  rolling 
out  the  optimal  version  on  a  larger  scale. 


Targeting  the  Snowbirds 

Once  you’ve  identified  a  group  of  customers  who  appear  to  have  com¬ 
mon  needs,  you  have  to  determine  if  you  can  profitably  offer  a  value 
proposition  to  meet  those  needs.  It’s  all  about  finding  the  ideal  middle 
ground  between  segments  of  one  (it  would  be  too  expensive  to  address 
customers’  needs  individually)  and  segments  that  are  so  large  and 
heterogeneous  that  you  can’t  tailor  offerings  to  customers’  needs. 
Sometimes  it’s  not  worth  subsegmenting  your  customers.  (Selden 
observes  that  Wal-Mart  essentially  has  one  segment  of  200  million, 
based  on  the  assumption  that  everyone  just  wants  low  prices,  period.) 

“Normally,  companies  start  with  a  relatively  small  number  of 
segments,  which  are  fairly  coarse,”  says  Selden.  “But  if  you  have 
40  million  customers  and  five  segments  with  8  million  customers 
per  segment,  the  chances  of  those  being  highly  homogeneous  are 
very  limited.”  The  goal,  then,  should  be  to  evolve  those  segments 
into  more  precise  subsegments  that  allow  you  to  deliver  more  tar¬ 
geted  value  propositions. 

“Subsegmenting,”  Selden  says,  “is  where  the  gold  is.” 

Defining  a  useful  subsegment  generally  involves  doing  a  deep 
dive  into  the  most  profitable  end  of  the  segment  to  tease  out  distinct 
behavior  patterns.  On  delving  deeper  into  RBC’s  preservers  seg¬ 
ment,  Lippert  says,  RBC  noticed  a  subsegment  of  people  who  spent 
a  lot  of  time  out  of  the  country  in  certain  months.  Many  of  these 
were  snowbirds  escaping  to  Florida  to  avoid  the  harsh  Canadian 
winters.  Because  RBC  has  branches  in  the  United  States,  the  bank 
quickly  realized  that  snowbirds  represented  a  sweet  spot  of 
untapped  potential  for  the  bank. 

To  address  these  customers’  unmet  needs,  RBC  put  together  a 
“snowbird  package”  that  included  travel  health  insurance,  easy 
access  to  Canadian  funds,  online  consolidated  account  review,  real¬ 
time  transfers,  the  ability  to  leverage  a  Canadian  credit  history  to 
secure  mortgages  in  the  United  States  and  a  toll-free  number  for 
cross-border  banking  questions.  RBC  also  began  introducing  cus¬ 
tomers  in  the  snowbird  subsegment  to  personal  bankers  in  the 
United  States,  making  it  clear  that  the  institution  knows  its  cus¬ 
tomers  and  understands  the  importance  of  their  business. 

Catering  to  snowbirds  has  resulted  in  a  higher  than  average 
number  of  products  per  client  in  that  subsegment.  And  for  RBC, 
that  translated  to  a  250  percent  increase  in  net  income  per  client 
before  taxes.  Equally  stunning  is  the  45  percent  decrease  in  the 
defection  rate  among  the  snowbirds.  Because  acquiring  a  new  cus¬ 
tomer  costs  RBC  a  projected  five  to  10  times  more  than  holding  on 


“We  have  a  culture 
that  recognizes  that 
what’s  in  the  information 
vault  is  as  critical  to  us 
as  what’s  in  the  money 
vault.” 

-RBC  FINANCIAL  GROUP  CIO  MARTIN  LIPPERT 


to  an  existing  customer,  Lippert  says  that  a  reduction  in  the  defec¬ 
tion  rate  adds  significantly  to  bank’s  overall  P&L.  The  package  has 
been  so  successful  that  the  bank  now  offers  a  similar  RBC  Access 
USA  package  to  other  groups  of  customers,  such  as  students  and 
executives,  who  spend  a  lot  of  time  in  the  United  States. 

Although  the  snowbird  subsegment  turned  out  to  be  highly  prof¬ 
itable,  unearthing  other  subsegments  may  reveal  that  they  are  finan¬ 
cial  drains  on  the  institution.  When  RBC  uncovers  unprofitable 
behavior  patterns,  it  looks  for  ways  to  more  efficiently  address  those 
customers’  needs.  For  example,  the  least  profitable  group  within  the 
preservers  segment  turned  out  to  contain  a  number  of  Canadian 
retirees  whose  fixed  incomes  plummeted  in  value  when  interest 
rates  fell  and  stock  returns  diminished.  Because  of  the  poor  return 
on  their  investments,  they  were  highly  dissatisfied— as  well  as  frus¬ 
trated  with  the  limited  advice  offered  by  financial  institutions. 
Although  unprofitable,  they  were  valuable  customers  who  carried 


U 


GOOD  HAIR  DAY?  GO  VIDEO. 
BAD  HAIR  DAY?  GO  VOICE. 


1  Whether  you  need  voice,  video,  or  even  data  conferencing,  Polycom 
1  has  a  solution  for  your  business.  So  you  can  look  like  a  hero,  even  if 
|  your  hair  is  a  wreck.  To  learn  more  about  looking  and 

gv 

g  sounding  great,  visit  polycom.com/experience 


POLYCOM' 

TOGETHER,  GREAT  THINGS  HAPPEN.” 


KfeOK  to  show  off  to  your  friends 
that  you  were  m  CIO. 


But  it’s  even  better  to 
show  your  customers. 


What  better  way  to  inform  your  key  customers 
of  your  editorial  coverage  in  CIO  than  through 
customized  Editorial  Reprints? 

Leverage  the  positive  impact  of  your  editorial 
coverage  by  using  reprints  for  direct  mail 
campaigns,  seminar  promotions,  employee 
communications,  recruiting  and  marketing  pro¬ 
grams.  Let  us  enhance  your  reprints  with  your  company’s  logo, 
address,  and  sales  message.  Reprints  make  great  SALES  tools  for 
trade  shows,  mailings  or  media  kits. 


And  while  a  framed  copy  of  your 
article  will  look  neat  on  your  wall,  it 
will  look  even  better  in  the  hands  of 
your  customers. 


The  Resource 
for  Information 
Executives 


pk^Rs 


■  Ancillary  ■  gMg 

!<<  '<•  n  m  Eg 

_ Servicer 

[international  C  O  R  P~| 

[managed  reprint  PROGRAMS  I 


For  more  information  on  customized  editorial  reprints  in  volume  quantities, 
contact  Jesse  Levy  at  212.221.9595  xl23  or  email  jesse@parsintl.com. 
Website:  www.magreprints.com/quickquote.asp 


Customer  Segmentation 


The  Lifetime  Value  Equation 

Infinancial  services,  calculatingthe  lifetime  value  of  customers  is  something  of  a 
misnomer,  because  few  if  any  banks  attempt  to  project  customer  value  beyond  five 
years.  The  calculation  typically  involves  looking  at  a  customer’s  age,  tenure,  and 
number  of  products  and  services  used,  as  well  as  his  propensity  to  acquire  addi¬ 
tional  products  and  services  minus  the  risk  that  he’ll  defect  on  his  current  products 
and  services.  The  value  of  the  customer’s  projected  portfolio  can  then  be  calcu¬ 
lated  using  typical  profitability  figures  for  each  product  and  service. 


twice  as  many  products  and  services  as  the  average  preserver.  It 
turned  out  they  were  keeping  large  balances  in  short-term  guaran¬ 
teed  investment  certificates  (GICs,  the  Canadian  equivalent  of  a  cer¬ 
tificate  of  deposit)  that  they  were  rolling  over  instead  of  cashing  in. 
And  because  they  were  good  at  negotiating  higher  rates  when  they 
rolled  over  their  GICs,  they  were  that  much  more  unprofitable  for 
RBC.  So  the  bank  developed  a  group  of  cash-flow  model  portfolios 
to  offer  these  customers.  The  portfolios,  which  typically  include 
mutual  funds  as  well  as  GICs  and  vary  by  level  of  risk  and  expected 
return  on  investment,  deliver  a  better  return  as  well  as  tax  breaks. 
The  customers  are  happy  because  they  make  more  money  and  get 
to  keep  more  of  what  they’ve  invested.  And  within  two  years,  RBC 
has  generated  21,000  new  retirement-income  plans  and  achieved  a 
net  growth  of  $1  billion  in  account  balances. 

The  Value  of  All  That  Slicing  and  Dicing 

Companies  that  get  the  most  from  their  segmentation  strategies 
don’t  just  pay  lip  service  to  the  importance  of  segmentation,  they 
organize  their  operations  around  addressing  customer  needs.  At 
RBC,  a  senior  manager  with  P&L  responsibility  manages  each  seg¬ 
ment.  In  addition,  RBC  offers  very  specific,  actionable  data  to  cus¬ 
tomer-facing  employees. 

“Different  people  can  interpret  data  in  a  different  manner,”  says 
Lefebvre.  “We  didn’t  want  to  provide  data  that  anyone  would  have  to 
interpret.  So  we  give  them  something  very  specific,  such  as  ‘For  this 
client,  offer  a  preapproved  line  of  credit,’  or  ‘Call  this  client  about  a  reg¬ 
istered  investment  [Canadian  401(k)  equivalent].’”  So  whether  a  cus¬ 
tomer  dials  in  to  the  call  center,  visits  a  branch  or  talks  to  a  manager, 
she  will  be  given  the  same  offer  because  the  employee  who  interacts 
with  her  will  be  prompted  by  the  CRM  system  to  do  so.  “Delivering 

data  on  a  real-time  basis 
to  reps  when  they  are  en¬ 
gaging  the  client  has  a 
tremendous  lift,”  says 
Lippert.  “Some  organiza¬ 
tions  are  pushing  home 
equity  lines  this  month, 
credit  cards  next  month. 
Our  folks  are  asking 


clients  about  particular  products  that  we 
have  intelligence  are  the  ones  that  those 
clients  are  likely  to  purchase.” 

By  segmenting  its  customers  to  offer  them 
targeted,  relevant  offers,  RBC’s  personal  and 
commercial  division  reached  its  goal  of 
increasing  revenue  by  $1  billion.  Since  Octo¬ 
ber  2003,  client  defection  has  also  decreased 
from  8.4  percent  to  6.2  percent,  while  the 
number  of  high-value  clients  has  increased 
from  17.1  percent  to  19.1  percent  of  the  client 
base  today.  RBC  also  boasts  a  return  on 
equity  of  nearly  25  percent. 

“We  have  a  culture  that  recognizes  that  what’s  in  the  information 
vault  is  as  critical  to  us  as  what’s  in  the  money  vault,”  says  Lippert. 
“It’s  important  to  understand  that  [segmentation  is]  not  typically 
a  year-one,  year-two  payback  kind  of  investment.  It’s  something 
that  gets  better  with  time  and  gets  better  with  the  organization’s 
ability  to  understand  the  data.” 

Lefebvre  says  that  companies  just  starting  down  the  customer 
segmentation  path  should  view  it  as  an  evolutionary  process  and 
just  jump  in  and  begin.  “Don’t  wait  for  everything  to  be  perfect,”  she 
says,  “and  don’t  wait  for  the  next  piece  of  data  before  you  do  things. 
Often  you  can  improve  the  business  successfully  in  a  rudimen¬ 
tary  way.  Ten  years  ago  we  were  not  as  granular. 

“Segmentation,”  she  says,  “is  a  journey.”  HPI 


Alice  Dragoon  is  a  contributor  to  CIO  magazine.  Please  send  your  comments 
to  Executive  Editor  Alison  Bass  at  abass@cio.com. 


Li 


WHAT  EVERY 

MONOLITHIC 

CORPORATE 

CONGLOMERATE 

NEEDS  MORE  OF: 


CTi 

0 


SPONTANEITY. 


J.  The  real  world  operates  in  real  time  —  so  should  your  conference 

o 

c. 

1  technology.  For  fast,  easy,  and  intuitive  collaboration,  look  to 

l  Polycom  for  solutions.  To  learn  more  about  our  real-time  offerings, 
g  immediately  visit  polycom.com/experience 

I  $  POLYCOM 

VIDEO  VOICE  DATA  WEB  TOGETHER.  GREAT  THINGS  HAPPEN.- 


Value  and  Your  Customers 


Peppers  &  Rogers  Group  presents 
the  final  analysis  of  results  from  our 
joint  online  survey  from  July— ARE 

YOU  CREATING  ALL  THE  VALUE  YOU 
CAN  FROM  YOUR  CUSTOMERS?  Go  to 
www.cio.com/100105  to  read  the  results. 

cio.com 


www.cio.com  |  OCTOBER  1,  2005 


79 


PHOTOGRAPHY  BY  BRIAN  SWALE 


Cybersecurity 


Ed  Lazowska  holds  the  Bill  &  Melinda  Gates  Chair  in 

Computer  Science  &  Engineering  at  the  University  of 
Washington,  where  he  specializes  in  the  design,  imple¬ 
mentation  and  analysis  of  high-performance  computing 
and  communication  systems.  In  May  2003,  President 
Bush  appointed  him  cochairman  of  the  president's  Infor¬ 
mation  Technology  Advisory  Committee  (PITAC)  from 
2003  to  2005.  PITAC,  created  by  an  act  of  Congress  in  1991,  is  made  up  of 
experts  from  both  academia  and  the  private  sector  who  advise  the  President 
on  IT  issues.  It  has  traditionally  been  one  of  the  most  important  mechanisms 
that  the  government  has  to  ensure  that  the  nation’s  R&D  programs  have  the 
appropriate  scope  and  direction  to  keep  the  country  at  the  forefront  of  the  IT 
industry.  Under  Lazowska’s  leadership,  PITAC  studied  three  issues:  IT  for 
health  care,  the  future  of  computational  science  and  cybersecurity.  PITAC’s 
report  on  cybersecurity,  called  "Cyber  Security:  A  Crisis  of  Prioritization,” 
was  published  in  February.  "The  title  nicely  summarizes  our  findings,”  says 
Lazowska.  “There  is  a  crisis,  and  it  is  due  to  a  failure  to  ade¬ 


quately  prioritize  this  issue-a  failure  by  CIOs, 
and  a  failure  by  the  federal  government." 
Lazowska  doesn’t  pull  any  punches 
when  discussingthe  Bush  administra¬ 
tion’s  approach  to  the  issue.  “In  my 
opinion,”  he  says,  “this  administration 
does  not  value  science,  engineering, 
advanced  education  and  research  as 
much  as  it  should-as  much  as  the  future 
health  of  the  nation  requires.”  As  a  result,  he 
says,  the  private  sector-and  CIOs  in  partic¬ 
ular — won’t  be  able  to  buy  the  products 
that  they  need  to  truly  be  secure 
unless  they  demand  more  from 
theirgovernment  and,  just 
as  importantly,  show  a 
commitment  to  cyber¬ 
security  by  paying 
for  state  of  the  art 
products. 


CIO:  You're  not  very  optimistic  about  the 
state  of  U.S.  cybersecurity.  What  is  the 
one-minute  version  of  the  problem? 

Ed  Lazowska:  There  is  a  big  gap  between 
what  we  already  know  about  cybersecurity 
and  our  deployment  of  technologies  and 
processes  to  improve  it.  That’s  a  CIO  problem. 
There’s  also  a  big  gap  between  what  we 
already  know  about  cybersecurity  and  what 
we  need  to  know  in  order  to  engineer  ade¬ 
quately  secure  systems  for  the  long-term 
future.  That’s  a  federal  government  problem, 
because  the  federal  government  is  responsible 
for  R&D  that  looks  out  more  than  one  product 
cycle— R&D  such  as  engineering  a  more 
secure  version  of  the  Internet  (see  “Blame  the 
Internet,”  Page  84). 

In  your  report  to  the  president,  you 
concluded  that  IT  infrastructure  is  highly 
vulnerable.  What  are  some  of  the  key 
vulnerabilities? 

We  see  some  of  the  effects  of  cybervulner¬ 
abilities  on  a  daily  basis  on  the  front  page  of 
our  newspapers:  phishing  attacks,  pharm- 
ing  attacks,  denial-of-service  attacks  and 
large-scale  disclosure  of  credit  card  infor¬ 
mation.  Even  phishing  attacks,  which  seem 
easy  to  dismiss  as  a  gullibility  problem,  arise 
from  the  basic  design  of  the  protocols  we  use 
today,  which  make  it  impossible  to  deter¬ 
mine  the  source  of  a  network  communica¬ 
tion  with  certainty. 

The  public,  and  most  CIOs,  do  not  see 
many  activities  that  are  even  more  threat¬ 
ening.  The  nation’s  IT  infrastructure  is  now 
central  to  the  life  of  all  other  elements  of  the 
nation’s  critical  infrastructure:  the  electric 
power  grid,  the  air  traffic  control  network, 
the  financial  system  and  so  on.  If  you  wanted 
to  go  after  the  electric  power  grid— even  the 
physical  elements  of  the  electric  power 
grid— then  a  cyberattack  would  surely  be 
the  most  effective  method.  It’s  also  worth 


National  Security  Crisis 


The  nation  faces  a  looming  security  disaster. 
That's  one  of  the  findings  of  a  report  from  the 
President’s  Information  Technology  Advisory 
Committee,  which  was  cochaired  by  Ed 
Lazowska  and  which  details  the  vulnerabilities 
of  our  IT  infrastructure.  For  a  link  to  this  report, 
go  to  www.cio.com/100105. 

cio.com 


noting  that  the  vast  majority  of  the  military’s 
hardware  and  software  comes  from  com¬ 
mercial  vendors.  PITAC  was  told  that  85  per¬ 
cent  of  the  computing  equipment  used  in 
Iraq  was  straight  commercial.  So  the  mili¬ 
tary  itself  is  arguably  about  as  vulnerable 
to  a  cyberattack  as  the  civilian  sector. 

Some  of  the  problems,  such  as  software 
not  being  designed  with  security  in  mind, 
indicate  that  CIOs  are  somehow  complicit. 
In  your  opinion,  are  CIOs  victims  or  are 
they  part  of  the  problem? 

The  answer  surely  is  both.  CIOs  are  par¬ 
tially  responsible  for  the  insecure  state  of 
today’s  operating  systems,  because  they 
failed  to  see  the  handwriting  on  the  wall 
and  prioritize  security.  Vendors  produce 
what  we  are  willing  to  purchase.  CIOs  are 
largely  responsible  for  the  failure  of  their 
organizations  to  operate  at  the  current  state 
of  the  art  with  respect  to  cybersecurity,  and 
very  few  organizations  operate  at  the  cur¬ 
rent  state  of  the  art. 

Now,  the  problem  is  that  you  can’t  suddenly 


decide  that  you  want  something  like  security 
and  expect  to  be  able  to  buy  it,  because  the 
technology  doesn’t  necessarily  exist.  Almost 
no  IT  company  looks  ahead  more  than  one  or 
two  product  cycles.  And  historically  in  IT, 
those  ideas  comes  from  research  programs 
that  the  federal  government  underwrites.  Just 
think  about  e-commerce:  You  need  the  Inter¬ 
net,  Web  browsers,  encryption  for  secure 
credit  card  transactions  and  a  high-perform¬ 
ance  database  for  back-end  systems.  The  ideas 
that  underlie  all  of  these  can  trace  their  roots  to 
federally  funded  R&D  programs. 

That’s  how  this  relates  to  the  R&D 
agenda.  Long-range  R&D  has  always  been 
the  role  of  the  national  government.  And  the 
trend,  despite  repeated  denials  from  the 
White  House  to  the  Department  of  Defense, 
has  decreased  funding  for  R&D.  And  of  the 
R&D  that  does  get  funded,  more  and  more  of 
it  is  on  the  development  side  as  opposed  to 
longer-range  research,  which  is  where  the 
big  payoffs  are  in  the  long  term.  That’s  a 
more  fundamental  problem  that  CIOs  aren’t 
responsible  for. 


You  feel  strongly  that  the  government's 
treatment  of  cybersecurity  R&D  has  been 
particularly  neglectful. 

PITAC  found  that  the  government  is  cur¬ 
rently  failing  to  fulfill  this  responsibility. 
(The  word  failing  was  edited  out  of  our 
report,  but  it  was  the  committee’s  finding.) 
Let  me  talk  very  quickly  about  three  federal 
agencies  that  you  might  think  are  focusing 
on  this  but  are  not: 

»  Most  egregiously,  the  Department 
of  Homeland  Security  simply  doesn’t  get 
cybersecurity.  DHS  has  a  science  and  tech¬ 
nology  (S&T)  budget  of  more  than  a  billion 
dollars  annually.  Of  this,  [only]  $18  million  is 
devoted  to  cybersecurity.  For  FY06,  DHS’s 
S&T  budget  is  slated  to  go  up  by  more  than 
$200  million,  but  the  allocation  to  cyber¬ 
security  will  decrease  to  $17  million!  It’s  also 
worth  noting  that  across  DHS’s  entire  S&T 
budget,  only  about  10  percent  is  allocated  to 
anything  that  might  reasonably  be  called 
“research”  rather  than  “deployment.” 

»  Defense  Advanced  Research  Projects 
Agency  (DARPA)  is  investing  in  cyber- 


ASSOCIATE  DIRECTOR  FOR  RESEARCH  INFORMATICS 
AND  INFORMATION  TECHNOLOGY 
immediate  Office  of  the  Director 

National  Heart,  Lung  and  Blood  Institute 
National  Institutes  of  Health 
Department  of  Health  &  Human  Services 


The  National  Heart,  Lung,  and  Blood  Institute  (NHLBl)  is  seeking  a  strate¬ 
gic-minded  scientist  with  expertise  in  research  informatics  and  informa¬ 
tion  technology  who  will  bring  significant  experience  in  a  research  envi¬ 
ronment  to  operate  in  an  intellectually  challenging  Federal  biomedical 
research  institution  engaged  in  a  national  research  program  to  under¬ 
stand,  treat,  and  prevent  heart,  lung  and  blood  diseases  and  sleep  dis¬ 
orders  throughout  the  world. 

This  position  offers  a  unique  and  challenging  opportunity  for  the  right 
individual  to  work  directly  with  the  NHLBl  Director  to  develop  a  program 
in  research  informatics,  incorporating  information  technology.  Applicants 
should  possess  an  advanced  science  degree  and  research  experience 
related  to  bioinformatics  or  research  informatics.  Specifically,  the  suc¬ 
cessful  candidate  should  have  experience  in  providing  bioinformatics 
support  in  the  areas  of  biology,  molecular  biology  and  genetics,  including 
the  terminology  of  basic,  translational,  and  clinical  research.  In  addition, 
applicants  should  have  sufficient  education  and  experience  that  will 
ensure  success  in  managing  a  professional  and  technical  staff  engaged 
in  providing  complex  and  computationally  intense  modeling  and  analyt¬ 
ics  in  the  areas  of  bioinformatics,  genomics,  proteomics  and  imaging.  It  is 
highly  desirable  for  the  successful  applicant  to  also  have  extensive  expe¬ 


rience  in  information  technology  management,  encompassing  strategic 
planning,  complex  organizational  structures,  technical  project  manage¬ 
ment  and  process  transformation.  The  successful  candidate  will  serve  as 
the  Chief  Information  Officer  for  the  NHLBl,  and  will  oversee  NHLBl  sci¬ 
ence  support  and  administration  of  NHLBl  science  in  areas  such  as  enter¬ 
prise  operations  systems,  data  warehouse  and  management  reporting 
and  information  security  and  the  day  to  day  operations  of  staff  providing 
IT  infrastructure  development  and  support.  Strong  leadership  qualities, 
negotiation  skills  and  exceptional  interpersonal  skills  are  imperative. 

Application  Process:  Salary  is  commensurate  with  experience  and  a 
full  package  of  Civil  Service  benefits  is  available  including  retirement, 
health  and  life  insurance,  long  term  care  insurance,  leave  and  savings  plan 
(401 K  equivalent).  CV,  bibliography  and  two  letters  of  recommendation 
must  be  received  by  October  15,  2005.  Application  package  should  be 
sent  to  the  National  Institutes  of  Health,  attn:  Mr.  Barry  Rubinstein,  Building 
31,  Room  5A-28,  31  Center  Drive,  MSC  2490,  Bethesda,  MD  20892-2490. 
For  further  information,  please  contact  Mr.  Rubinstein  by  email: 
Rubinstb@nhlbi.nih.gov  or  telephone  (301)  496-2411.  All  information  pro¬ 
vided  by  applicants  will  remain  confidential  and  will  only  be  reviewed  by 
authorized  officials  of  the  NHLBl. 


The  NIH  encourages  the  application  and  nomination  of  qualified  women,  minorities,  and  individuals  with  disabilities. 

HHS  and  NIH  are  Equal  Opportunity  Employers 


Cybersecurity 


security,  but  has  classified  all  of  its  recent 
new  program  starts  in  this  field.  It’s  fine  to  do 
classified  research,  but  we  must  also  recog¬ 
nize  the  negative  consequences,  and  we 
should  (hut  don’t)  fund  nonclassified  re¬ 
search  to  make  up  for  it.  One  negative  conse¬ 
quence  is  that  classified  research  is  very  slow 
to  impact  commercial  IT  systems,  on  which 
the  entire  nation,  and  even  much  of  the 
Department  of  Defense,  relies.  Another  neg¬ 
ative  consequence  is  that  the  nation’s  uni¬ 
versity-based  researchers  cannot  participate, 
because  universities  do  not  perform  classi¬ 
fied  research.  This  eliminates  many  of  the 
nation’s  best  cybersecurity  researchers.  It 
also  means  that  students  are  not  trained  in 
cybersecurity— the  training  of  students  is  an 
important  byproduct  of  research. 

»  The  National  Science  Foundation  (NSF), 
in  FY04,  mounted  a  new  cybersecurity 
research  program,  which  was  able  to  fund 
only  8  percent  of  the  proposals  it  received. 
PITAC  recommended  immediately  adding 
$90  million  annually  to  the  NSF  Cyber  Trust 
program,  as  a  start.  Thus  far,  there  is  no  sign 
of  any  action  on  this  recommendation. 


Where  would  this  $90  million  come  from? 

The  federal  budget  is  trillions  of  dollars,  and 
we  waste  billions  every  month.  This  nation 
makes  all  kinds  of  large-scale  spending  deci¬ 
sions,  and  $90  million  is  one  umpteenth  of 
one  umpteenth  of  1  percent.  And  the  question 
is,  is  cybersecurity  worth  it  to  this  nation? 

What  are  some  of  the  things  that  more 
research  might  yield? 

Cybersecurity,  today,  is  all  about  securing 
the  perimeter,  but  there  is  really  no  “inside” 
and  “outside”  anymore.  This  is  not  an  argu¬ 
ment  against  firewalls,  intrusion  detection 
systems  and  the  like.  Rather,  it  is  a  very 
strong  argument  against  placing  complete 
faith  in  them.  Today,  in  cybersecurity,  we 
are  applying  Band-Aids,  and  we  are  devel¬ 
oping  the  next  generation  of  Band-Aids,  but 
we  are  not  investing  in  research  programs 
that  will  yield  fundamentally  new  system 
architectures  that  will  meet  the  challenges 
we  face  today  and  will  face  in  the  future.  We 
need  to  develop  both  static  and  dynamic 
analysis  tools  that  detect  vulnerabilities.  We 
need  programming  languages  that  include 


fundamental  security  features.  We  need 
techniques  for  assembling  trusted  software 
systems  out  of  multiple  components. 

Also,  interface  design  is  a  very  significant 
issue  that  receives  far  too  little  attention.  The 
problem  is  lousy  software  designs  and  lousy 
human  interfaces,  on  systems  ranging  from 
the  routers  that  control  the  nation’s  Internet 
to  the  dialog  boxes  that  your  browser  pres¬ 
ents.  A  few  years  ago,  researchers  from 
Princeton  and  the  University  of  Washing¬ 
ton  conducted  a  study  of  what  users  actu¬ 
ally  comprehend  when  they  read  these 
dialog  boxes,  and  the  answer,  not  surpris¬ 
ingly,  is  that  users  don’t  have  a  clue  what 
these  dialog  boxes  are  trying  to  tell  them. 
This  is  absolutely  not  a  user  problem!  Of 
course,  it  turns  out  that  a  large  proportion  of 
Internet  routing  errors  are  happening  for 
just  this  reason— someone  in  an  ISP  changes 
the  configuration  of  some  routers  and  an 
error  is  introduced.  But  it  also  turns  out  that 
the  configuration  interface  on  many  Internet 
routers  is  incredibly  primitive,  and  thus 
hugely  error-prone. 

Is  there  a  role  for  the  private  sector  and 
in  particular  CIOs  when  it  comes  to  seeing 
some  of  these  changes  enacted? 

CIOs  and  CEOs  must  insist  on  different 
behavior  by  the  current  administration.  Our 
nation’s  health  and  security  depends  on  it. 
On  their  own,  CIOs— that  is,  the  private  sec¬ 
tor-must  install  and  operate  systems  that 
match  the  state  of  the  art  in  terms  of  cyber¬ 
security.  CIOs  must  demand  that  software 
vendors  design  and  correctly  implement 
these  systems,  and  most  importantly,  CIOs 
must  be  willing  to  pay  for  it.  Also,  many  cor¬ 
porations  now  have  a  chief  information 
security  officer,  which  is  an  important  step. 
And  there  is  an  increasing  trend  toward 
having  a  person  with  IT  qualifications  on 
the  corporate  board  of  directors,  just  as  a 
person  with  appropriate  financial  experi¬ 
ence  must  be  a  board  member  in  order  to 
chair  the  audit  committee.  These  sorts  of 
things  are  becoming  the  standard  of  prac¬ 
tice,  and  corporations  that  fail  to  meet  this 
standard  of  practice  will  do  so  at  their  own 
jeopardy. 


E-mail  feedback  on  this  article  to  Senior  Writer  Ben 
Worthen  at  bworthen@cio.com. 


Blame  the  Internet 

The  Internet  wasn't  made  for  today's  commercial  traffic- 
should  it  be  rebuilt? 


Ed  Lazowska  believes  that  there’s  a  single  culprit  at  the  heart  of  many  of  today’s  cyber¬ 
security  problems:  the  Internet.  When  it  first  started  carrying  packets  more  than  35  years 
ago,  the  Internet  was  little  more  than  a  research  project.  Since  then,  it  has  evolved  into  the 
commercial  phenomenon  on  which  we  all  rely.  But  the  technology  on  which  the  Internet  is 
built,  TCP/IP,  and  other  switching  and  routing  protocols,  weren’t  created  with  modern 
usage  and  its  associated  modern  security  needs  in  mind.  "We  are  asking  the  Internet  to  handle  a  load 
and  perform  tasks  that  it  wasn’t  designed  for,"  Lazowska  says.  “The  fact  that  it  has  been  able  to  do  so  is 
remarkable.  It  is  no  surprise  at  all  that  it  isn’t  perfect  for  today’s  environment.” 

Patches  and  updates  won’t  solve  this  problem.  “Many  of  the  protocols  that  we  use  are  inherently 
insecure,”  Lazowska  says.  “They  can’t  be  made  more  secure  by  evolution.  They  need  to  be  rethought.” 
Unfortunately,  the  only  solution  is  replacing  the  Internet  with  something  new,  just  like  CIOs  have  to 
replace  old  Cobol  systems  that  wear  out. 

The  entire  Internet  was  actually  replaced  once  before  in  the  early  1980s  when  the  whole  Internet 
switched  over  to  TCP/IP  on  one  pre-arranged  day.  Back  then  there  were  only  about  1,000  computers 
connected  to  the  network,  however.  Today,  says  Lazowska,  “It  will  be  a  big,  expensive,  worldwide  job. 

The  United  States  does  not  currently  have  a  plan  for  switching  to  a  more  secure  and  more  reliable  Internet, 
but  it  needs  to  have  one,"  he  says,  “because  the  cost  of  not  doing  it  is  too  great.”  -B.  W. 


84 


OCTOBER  1,  2005  |  www.cio.com 


Your  sales  force  will  love 
sending  more  email 
The  IT  folks  will 
love  getting  less 


Now  both  business  and  IT  people  can  get  what  they  want  in  a  mobile  solution. TheTreo  650  smartphone  with  GoodLink  combines 
phone,  Internet,  and  real-time  wireless  access  to  Microsoft®  Outlook  email*  contacts,  calendar,  tasks  and  notes.  And  with 
over-the-air  deployment,  enterprise-class  security,  and  device  management,  everybody's  job  will  be  easier.  Get  it  all  from  Cingular 
on  the  nation's  largest  digital  wireless  voice  and  data  network.  www.Cingular.com/GoodlinkTreoPromo  It's  time  for  Treo. 


Good  Xcingular 

^  raising  the  barr..ill 


From  9/1  through  10/31,  get  a  FREE  GoodLink  Server 
&  Support  Starter  Pak  and  FREE  Treo  650  business 
accessory  kits.  A  minimum  $2800  value/ 

To  test  drive  risk  free  for  30  days/  call  your  Cingular 
Business  Representative  or  1-800-363-1351. 


'Wireless  service  plan  required  Email  and  web  require  wireless  data  services  and  additional  charges  apply.  Coverage  not  available  everywhere.  'Offer  good  with  the  purchase  of  10  or  more  Treo  650 
smartphones  from  Cingular.  While  supplies  last.  'Trial  includes  up  to  5  Treo  650  smartphones,  the  GoodLink  server,  the  client  software  and  the  service  plan.  Prepayment  required  for  Treo  650  smartphones 
used  for  trial.  Offer  not  available  in  Cingular  Wireless  stores  or  independent  agent  stores  Other  conditions  and  restrictions  apply.  Screen  image  simulated.  ©2005  Palm,  Inc.  All  rights  reserved  Patm 
and  Treo  are  among  the  trademarks  or  registered  trademarks  owned  by  or  licensed  to  Palm,  Inc.  Cingular.  the  "Graphic  Icon"  design,  and  "raising  the  bar"  are  either  trademarks  or  registered  trademarks 
of  Cingular  Wireless  LLC.  Good,  Good  Technology,  the  Good  logo,  and  GoodLink  are  trademarks  or  registered  trademarks  of  Good  Technology,  Inc.  All  other  marks  are  property  of  their  respective  owners. 


Leadership  and  Management 


_and  now  IT  ■ 

CIOs  have  createu 

Reader  ROI 

..  n/hi,  cnme 

jmas  wailgum 


PHOTO  BV  GETTY  IMAGES 


MicroStrategy  is  #1  in 

Customer  Loyalty 

in  the  Business  Intelligence  Market 


In  a  recent  industry  survey  that  measured  customer  loyalty, 
MicroStrategy  outscored  all  of  the  competition. 


1  MicroStrategy 

2  Applix  TM1 

3  SAP  BW 

4  Microsoft  AS 

5  MISAlea 

6  Oracle  OLAP  Servers 

7  Business  Objects 

8  Hyperion  Essbase 

9  Oracle  Discoverer 
10  Cognos  PowerPlay 

60%  70%  80%  90% 

The  OLAP  Survey  4  measures  nearly  1 ,000  customer  sites  and  is  the  largest  independent  survey  of  business  intelligence  (81)  products.  It  is  conducted  annually  by  Suivey.com  and  industry  analyst,  Nigel  Pendse. 


.  v/v; xttv 


xv  I  i  1  >x 

ife^iSasSKsiii 


Report.  Analyze.  Monitor. 


Today,  thousands  of  organizations  worldwide  depend 
on  MicroStrategy  to  report,  analyze,  and  monitor  their 
mission-critical  business  data.  According  to  independent 
surveys,  MicroStrategy  customers  access  the  largest 
databases,  have  the  largest  business  user  populations, 
and  report  higher  business  benefit  from  their  business 
intelligence  applications. 


MicroStrategy  has  been  hailed  by  industry  analysts  for  its 
uniquely  integrated  architecture,  its  user  and  data  seal- 
ability,  and  its  dramatic  ease  of  use.  It  gives  business  users 
integrated  dashboards,  reporting,  and  analysis  they  desire 
and  provides  IT  staff  an  easily  maintainable  industrial- 
strength  business  intelligence  platform  they  need. 


For  your  Free  Evaluation 
Software,  visit  us  at 
www.microstrategy.com/CD 


c\0& 


•\x& 


\vwpa 

ft  aOO^pVvoe^ 

^5^e? 

as^ 


.re^°deT^e^ 
cefetvcC  f0v  tne 

^  c°f 

ct°v’  Vc\de^°v  ._^tre^ds 


e%P^°  .  and  Se°'V  eYvts 

.\3.$ 


ator’Vtu'Ce  ^ 


•v.«°tce 


aw^-rf  «■*'"'  .Avese^’ 


i\\\a',e 


totes' 


tYve 


VtfVP 


otpoVate 

^dt^SWa 


iaad^«f 

\do^^^o.e.e^ 


r  \oPxCS' 

^eV^^A?t>^cC 

c  w»e*e!..wo^^ ^^gdeflce 
,  *e*^?s  *S«'a,D 

.  C^cVl>gf;  tot 

.eve"''0'. 

wUsV^4e>^' 

0®eI  se<*  utstt 


r 

^\\e 


to 


.\  Wtf 


Sponsored  by 

BlackBerry 

C^equanf 

intel. 

1  R 1  s  e 

VISUALIZE.  INNOVATE.  DELIVER!- 

□  MICRO 

FOCUS 


Presented  by 


The  Resource  for 
Information  Executives 


PHOTO  TOP  BY  ANDY  FREEBERG:  MIDDLE  BY  CLAUDIO  VAZQUEZ:  BOTTOM  BY  PETER  MURPHY 


Leadership  and  Management 


We  are  taught  from  a  young  age  about  rules.  Kindergarten  is  chock-full  of  rules  that  are  supposedly  all  you 
really  need  to  know.  Rules  apply  to  every  segment  of  life  thereafter— school,  dating,  taxes,  meetings,  the  work¬ 
place.  Follow  directions.  Wait  your  turn.  Keep  your  hands  to  yourself.  Clean  up  your  own  mess.  File  on  time. 

The  fact  is,  all  IT  departments  have  rules.  Whether  posted  on  the  company  intranet,  embossed  on  a  coffee 
mug,  or  unspoken  yet  understood,  rules  are  meant  to  set  expectations,  influence  behavior  and  promote  team 
play.  Just  as  in  kindergarten. 

Many  CIOs  today  have  created  their  own  set  of  IT  rules,  written  them  down  and  pushed  them  out  to  their 
staffs.  Some  lists  are  very  specific— targeting  governance,  alignment,  capital  expenditures  and  vendor  selec¬ 
tion.  Some  are  more  conceptual— translating  the  CIO’s  vision  for  IT  into  concrete,  actionable  principles.  Others 
use  humor  to  sort  out  serious  subjects  such  as  network  security,  technology  standards  and  risk  management. 


Regardless  of  what  they  call  their  IT  rules  or  how  they  publish  the 
rules,  these  CIOs  consider  their  rules  a  critical  piece  of  their  leadership 
strategy.  The  10  rules  that  Bill  Vass,  senior  vice  president  and  CIO  of  Sun 
Microsystems,  has  promulgated  guide  his  IT  staffers  in  both  their  day- 
to-day  work  and  long-range  planning.  “IT  is  very  complex,  and  people 
need  a  predictable  environment  to  work  in,”  he  says  of  his  CIO  Essen¬ 
tials,  which  he  developed  while  working  at  the  Pentagon.  His  not-so- 
subtle  message  to  Sun’s  IT  staffers:  If  you  follow  these  rules,  you’ll  never 
be  in  trouble. 

The  13  Golden  Rules  that  Ron  Bonig,  executive  director  of  technology 
operations  at  George  Washington  University,  wrote  for  his  department 
use  straight  talk  and  a  bit  of  humor  to  allow  staffers  larger  parameters 
in  which  they  can  make  decisions  on  their  own.  “I  can’t  be  there  all  the 
time,”  Bonig  says.  “You  have  to  empower  them  with  a  set  of  rules.” 

Rules  help  Dow  Jones  CIO  Bill  Godfrey  close  the  gap  between  IT  and 
the  business.  “I  needed  to  have  some  mechanism,  some  framework  to 


promote  ongoing  alignment,”  says  Godfrey,  who  rolled  out  his  Big  Rules 
in  2004.  “All  of  the  rules  in  one  form  or  another  are  there  to  sustain,  pro¬ 
tect  and  foster  alignment.” 

Some  CIOs,  however,  take  a  different  view  of  rules  for  IT.  “I  have 
seen  other  CIOs  who  have  done  these  rules,”  says  one  longtime  CIO 
who  requested  anonymity.  “They  tend  to  be  mocked  by  their  employ¬ 
ees.”  It’s  very  hard  to  write  effective  rules,  says  this  CIO,  and  they  tend 


Bill  Vass  of 

Sun  Microsys¬ 
tems  (top] 

Ron  Bonig  of 

George 

Washington 

University 

(center] 

Bill  Godfrey 

of  Dow  Jones 
(bottom] 


to  decompose  into  just  another 
company  policy  or  manual  that  is 
soon  forgotten. 

CIOs  who  have  embraced  IT 
rules  acknowledge  this  challenging 
fact  of  corporate  life.  “Simply  having 
rules  on  a  website  is  not  the  same 
thing  as  having  them  integrated  into 
your  climate,”  says  Godfrey. 

Therefore,  CIOs  should  follow  a 
few  rules  themselves  before  they 
roll  out  their  own:  Balance  rigor 
with  flexibility.  Avoid  cliches. 
Remember  that  rules  are  part  of  a 
strategy— not  the  strategy.  Never 
miss  an  opportunity  to  talk  them 
up.  Above  all,  however,  CIOs  need 
to  set  a  good  example  for  their 
employees.  Vass  jokes  that  his 
staffers  will  occasionally  catch  him 
about  to  break  one  of  his  rules  on 
project  prioritization.  “You  have  to 
live  by  your  own  rules,”  he  says. 


90 


OCTOBER  1,  2005  |  www.cio.com 


M  MOTOROLA 

intelligence  everywhere 


Because  critical  data  could  be  accessed  on  the  spot,  this  didn't  become  an  even 
longer  night. 


By  instantly  accessing  Mission  Critical  information,  such  as  Department  of 
Justice  records,  police  quickly  apprehended  their  suspect  and  prevented  him 
from  completing  the  crime  he  had  planned.  With  intelligent  data  delivered 
directly  into  the  officer's  hands,  decision-making  was  enhanced,  helping  these 
responders  better  anticipate,  prepare  and  prevent. 

Discover  how  a  Motorola  Mission  Critical  solution  can  provide  responders  with 
instant  Mission  Critical  data  for  additional  effectiveness  especially  in  suspicious 
circumstances.  Cal!  1-800-367-2346  or  visit  www.motorola.com/missioncritical 
and  we'll  send  you  a  free  copy  of  In  the  Event  of:  The  Guide  to  Mission  Critical 
and  subscribe  to  the  Mission  Critical  Communications  series. 

It's  the  intelligence  you  need  in  an  unpredictable  world. 


Motorola  Commercial  GoverniJSW  Solutions  Sector  is  the  recipient  of  the  2002  Malcolm 
MOTOROLA  and  the  stylizeffM  Logo  are  registered  in  the  US  Patent  and  Trademark  Office 


lional  Quality  Award, 
fola,  Inc.  2004. 


Leadership  and  Management 


Bill  Vass,  Sun  Microsystems: 

Essentials  for  Successful  IT  Operations 


In  spending  most  of  his  formative  IT  years  at  the  Department 
of  Defense,  Vass  got  to  see  the  best  and  the  worst  of  IT  proj¬ 
ects  in  a  technology  portfolio  that  encompassed  6,200  sys¬ 
tems.  He  investigated  why  the  top  10  percent  of  projects 
succeeded  and  why  the  bottom  10  percent  did  not.  His  CIO 
Essentials  sprang  from  those  experiences. 

Vass  wasted  no  time  in  implementing  his  rules  at  Sun  when 
he  got  the  CIO  job  in  2004.  They  were  posted  on  the  corporate 
portal,  and  he  talked  them  up  at  staff  meetings  at  every 
opportunity.  The  rules,  he  says,  are  in  order  of  priority.  (As  he 
acknowledges,  his  rules  dovetail  quite  nicely  with  Sun’s  open- 
systems  strategy.) 

If  his  staffers  follow  them,  they  can’t  go  wrong,  Vass  says. 
"For  example,  if  you’ve  done  everything  that’s  on  there,  you 
can’t  make  a  wrong  vendor  selection.  Because  if  you’ve  fol¬ 
lowed  all  these  rules,  the  [systems  are  already]  open.” 

That  said,  Vass’s  rules  aren’t  set  in  stone.  "Everything  is  a 
living  document,"  he  says.  "You  have  to  measure  whether  the 
rules  are  being  effective." 


Bill  Vass’s  CIO  Essentials 

RULE  1  Open  systems  succeed. 

This  rule  has  been  true  from  the  beginning  because  open  sys¬ 
tems  are  standards-based.  Of  course  this  is  good  for  Sun  because 
we’re  an  open-systems  company.  But  I’ve  also  watched  many 
open  systems  succeed  in  scale  and  continue  over  a  long  life  span. 
As  an  executive  who  approves  or  influences  technology  pur¬ 
chases,  don’t  you  want  to  guarantee  that  your  systems  will  scale 
to  meet  new  demands? 

When  I  was  in  government,  I  spent  all  my  time  on  two  types 
of  projects:  projects  that  were  over  budget,  behind  schedule  and 
all  messed  up— or  projects  that  were  ahead  of  schedule,  on  time, 
with  happy  users  and  under  budget.  And  in  almost  100  percent 
of  the  cases,  the  good  projects  were  based  on  open  standards 
because  only  they  had  the  flexibility  to  scale  and  the  flexibility 
beyond  being  locked  in  to  one  vendor. 

RULE  2  Proprietary  systems  fail  in  the  long  run. 

The  second  rule  is  the  opposite  of  the  first.  Proprietary  systems 


92  OCTOBER  1,  2005  |  www.cio.com 


PHOTO  BY  ANDY  FREEBERG 


EMC2 

where  information  lives 


Fr:  a  wide  range  of  information  management  challenges 


To:  a  wide  range  of  software  to  overcome  them 


Leadership  and  Management 


don’t  scale.  To  accommodate  any  unplanned  growth,  they  must 
be  redesigned  in  the  end.  And  they  always  cost  more  in  the  long 
run.  Proprietary  systems  were  the  single  greatest  waste  of  IT 
dollars  I  saw  in  those  6,200  government  systems. 

To  use  a  construction  analogy,  imagine  every  IT  system  starts 
off  based  on  plans  for  a  house  but  usually  grows  into  a  sky¬ 
scraper.  If  you  build  on  open  systems,  you  have  a  strong  foun¬ 
dation  on  which  your  systems  can  grow  to  accommodate  new 
business  and  user  demands.  Importantly,  proprietary  systems 
usually  cost  three  to  four  times  more  than  open  systems  over 
their  life  spans. 

RULE  3  Separate  logical  layers. 

This  is  a  key  insight  into  a  major  cost  driver  in  system  lifecycle 
cost,  and  it’s  a  technology  decision  you  have  to  make  early. 
Spend  a  little  extra  time  up  front  to  separate  your  technology 
layers:  presentation,  business  logic  and  data.  By  separating 
them  out  in  the  beginning,  you  are  ensuring  that  each  can  scale 
and  change  independently. 

RULE  4  Standards  matter. 

These  days  especially,  this  rule  is  really  important.  Companies 
with  written  programming  and  process  standards  will  succeed, 
because  they’re  following  standards  and  open  systems,  mean¬ 
ing  they  can  meet  new  technology  [needs]  with  minimum  effort. 
This  was  true  on  a  mainframe,  and  it’s  still  true  today.  This  also 
gives  you  the  internal  flexibility  to  seamlessly  move  resources 
from  one  project  to  another  without  huge  ramp-up  times. 

RULE  5  What’s  old  is  new  again. 

You  could  also  call  this  “back  to  the  future”  or  “same  stuff,  dif¬ 
ferent  day.”  Technology  is  cyclical.  Take  cell  phones:  Their  func¬ 
tionality  was  very  thin  but  is  now  getting  bigger.  And  as 
bandwidth  becomes  more  pervasive,  functionality  will  get  even 
thinner  again.  This  cycle  applies  to  all  technology  and  should 
play  a  factor  in  your  technology  decisions.  Such  cycles  have 
been  consistent  throughout  the  history  of  IT  and  will  continue, 
along  with  the  cycles  of  distributed  computing  models.  Suc¬ 
cessful  IT  shops  recognize  these  cycles  and  design  systems  that 
can  change  as  the  cycles  change.  If  you  follow  rules  one  through 
four,  you  will  always  be  ready  for  these  cycles. 

RULE  6  Technology  is  not  a  problem. 

In  many  cases,  designing,  implementing  and  deploying  tech¬ 
nology  is  not  a  problem.  Getting  people  to  embrace  technology 
and  understand  its  advantages  is  the  hard  part.  It’s  the  hardest 
thing  IT  managers  do— the  job  is  5  percent  technology  and  95 
percent  communication,  hand-holding  and  getting  people  to 
understand  the  vision,  and  [taking]  the  necessary  steps  to  help 
people  overcome  the  fear  of  change. 

Try  getting  them  to  rethink  the  very  way  they  use  computers 
by  “seeing”  or  visualizing  the  benefits  before  considering  what 


changes  are  needed  to  achieve  that  benefit.  Technology  really 
improves  users’  lives,  but  it  can  be  daunting  to  them  at  first. 

RULE  7  Know  your  estimation  factor. 

Gaining  a  reputation  for  completing  projects  on  time  is  impor¬ 
tant  for  any  executive  because  it  establishes  credibility.  An  esti¬ 
mation  factor  is  how  long  you  think  it  will  take  you  to  perform 
a  given  task.  When  guessing  this,  most  people  forget  to  factor 
in  phone  calls,  meetings,  approval  processes  and  interdepen¬ 
dencies. 

My  estimation  factor  is  four.  That  means  when  I  first  deter¬ 
mine  a  project  will  take  me  two  weeks  to  complete— which  it 
would  if  I  spent  100  percent  of  my  time  on  it  with  no  interrup¬ 
tions— I  multiply  that  projected  number  by  four,  and  guess 
what?  I’m  always  on  time. 

RULE  8  You  manage  what  you  measure. 

Measure  only  what  you  care  about,  and  communicate  that  to 
everyone— your  direct  employees,  peers  and  your  own  man¬ 
agement— so  they  understand  and  accept  your  priorities.  If  you 
don’t  care  about  cost,  then  don’t  measure  cost.  If  you  don’t  care 
about  schedule,  then  don’t  measure  schedule.  If  you  are  not 
measuring  it  with  a  metric,  then  you  are  not  managing  it.  At  Sun 
IT,  we  care  about  availability  and  quality.  I  know  the  availabil¬ 
ity  and  performance  of  every  one  of  my  systems  and  gather  vol¬ 
umes  of  performance  data  on  each.  I  track  those  metrics  all  the 
time  and  manage  my  employees  by  them  so  they  know  what 
their  focus  should  be,  and  our  management  understands  my 
team’s  priorities. 

RULE  9  Don’t  let  the  best  be  the  enemy  of  the  better. 

This  rule  addresses  analysis  paralysis— the  tendency  to  over¬ 
analyze.  By  trying  to  implement  the  world’s  best  system,  you 
might  analyze  for  three  years,  which  means  you  won’t  gain  ben¬ 
efits  for  at  least  that  long.  If  you  follow  rules  one  through  eight, 
you  won’t  make  a  bad  decision. 

So,  decide  what  you  want  now  and  move  forward.  Be  confi¬ 
dent  in  your  decision.  Even  if  you  want  to  add  new  technology 
later,  if  you  base  the  system  on  open  standards  and  separate 
your  layers,  it’s  easy  to  make  changes.  Get  value  out  of  your 
technology  now,  but  ensure  you  can  scale  it  for  greater  benefits 
in  the  future. 

RULE  10  Nothing  in  life  is  easy. 

The  last  rule  is  tongue-in-cheek.  Always  assume  the  worst  from 
a  risk-management  perspective.  Assume  that  a  system  is  going  to 
production  and  the  server  hasn’t  arrived,  your  project  lead  is  leav¬ 
ing  for  another  company,  and  users  will  do  all  the  things  you  don’t 
think  they’ll  do.  Don’t  plan  too  optimistically.  Assume  that  what 
can  go  wrong  will  go  wrong,  and  plan  accordingly.  As  an  execu¬ 
tive,  you’ll  be  prepared  and  will  be  able  to  lead  any  type  of  project 
effectively. 


94 


OCTOBER  1,  2005  |  www.cio.com 


; 


EMC2 

where  information  lives 


EMC2 


documentum 


EMC  DOCUMENTUM*  UNITES  YOUR  CONTENT  AND  YOUR  BUSINESS.  It's  the  only  enterprise 
content  management  solution  proven  to  handle  everything  from  records  to  rich  media  with  one 
integrated  platform.  Helping  everyone  create,  deliver,  and  archive  content  effortlessly.  All  while 
enabling  compliance  and  reducing  costs  with  a  streamlined  process.  To  learn  how  to  share  your 
ideas,  visit  www.EMC.com/documentum.Or  call  1-800-607-9546. 


EMC.  EMC',  Doeumentum.  and  where  information  lives  are  registered  trademarks  of  EMC  Corporation.  ©  5005  EMC  Corporation-.  Alt  rights  reserved. 


Leadership  and  Management 


RonBonig, 

George  Washington  University 

Axioms  to  Empower  the  IT  Staff 


In  keeping  with  their  name,  Bonig’s  Golden  Rules 
are  short  and  memorable  maxims.  He  never 
misses  a  chance  to  preach  his  gospel— at  meet¬ 
ings,  in  e-mails,  in  conversations.  "We  don’t  have  a 
chart  on  the  wall,”  he  says,  "but  you  repeat  them, 
you  leverage  any  moment  and  talk  about  them.” 
That  way,  his  staff  of  140  knows  exactly  what's 
important  to  the  department  and  George  Washing¬ 
ton  University,  especially  Rule  1.  “Lots  of  them  get 
wrapped  up  in  the  new,"  he  says.  "We  have  to 
remember  our  first  job:  to  keep  everything  in  pro¬ 
duction  running.” 

Bonig  believes  the  biggest  benefit  of  the  rules 
has  been  a  sense  of  empowerment  among  his  staff 
and  a  morale  boost.  “As  long  as  you  operate  in 
these  parameters,  you  will  get  your  job  done,”  he 
says.  “We  can  correct  any  honest  mistake.” 


Ron  Bonig’s  Golden  Rules 


strategy.  If  it  all  turns  to  “soup,”  you  can  get  back  to  a  steady 
state  if  you  have  planned  it. 


RULE  1  Production  is  job  number  one. 


RULE  2  The  first  part  of  job  number  one  is  to  “protect  the 
data.”  Backups  are  sacred.  Even  scheduled  production  can  be 
interrupted  to  get  a  clean  backup. 


RULE  7  There  is  no  such  thing  as  an  inconsequential  change. 

RULE  8  Never  say  no  to  a  user— just  put  a  price  tag  on  the 

yes. 


RULE  3  Nothing  I  say  regarding  deadlines,  projects  or  spe¬ 
cial  initiatives  should  ever  be  construed  as  permission  to  devi¬ 
ate  from  Rule  1  and  Rule  2. 


RULE  9  Nobody  is  indispensable.. .but  all  the  systems  admin¬ 
istrators  are  forbidden  to  cross  the  street  at  the  same  time. 


RULE  4  Standards  and  procedures  are  your  safety  net.  If  you 
follow  them,  you  can  be  virtually  guaranteed  that  no  mistake 
you  make  will  cause  a  disaster  (the  procedures  include  peer 
review,  testing  and  validation). 

RULE  5  If  [you  don’t  document  it,]  it  didn’t  happen.  Keep  it 
online  and  in  several  places.  If  you  write  it  down  on  paper,  it’s 
obsolete  before  the  ink  is  dry!  (Especially  for  documentation, 
configurations.) 


RULE  10  To  borrow  from  Mark  Twain:  “Put  all  your  eggs  in 
one  basket,  then  guard  that  basket !” 

RULE  11  And  to  also  paraphrase  von  Clausewitz:  “No  plan 
survives  intact  the  first  contact  with  the  users.” 

RULE  12  You  can  put  the  square  peg  into  the  round  hole,  but 
you  have  to  use  a  big  hammer.  It  is  easier  to  recruit  and  hire  for 
the  skills  you  want  in  the  first  place. 


RULE  6  The  most  important  part  of  the  plan  is  the  back-out 


RULE  13  It’s  only  money.  If  it  is  critical,  we’ll  have  a  bake  sale. 


96 


OCTOBER  1,  2005  |  www.cio.com 


PHOTO  BY  CLAUDIO  VAZQUEZ 


EMC2 

where  information  lives 


To:  managing  it  while  you  check  your  voicemail 


Fr:  barely  managing  your  e-mail  system 


EMC2 


legato 


EMC  EMAILXTENDER  SAVES  YOU  TIME  AND  MONEY  WITH  A  SMARTER  WAY 
TO  MANAGE  E-MAIL.  Now  you  can  handle  everything  from  mailbox  management  to  policy 
administration  and  corporate  records  with  one  solution.  A  solution  built  to  lower  your  storage 
costs,  streamline  operations,  and  enable  compliance.  It’s  what  you  need  to  gain  control,  minimize 
risk,  reduce  cost,  and  go  home  on  time.  Finally.  To  learn  more,  visit  www.EMC.com/legato. 

EMC,  EMC  ,  Legato,  and  where  information  lives  are  registered  trademarks  of  EMC  Corporation.  <D  2005  EMC  Corporation.  All  rights  reserved. 


Leadership  and  Management 


Bill  Godfrey,  Dow  Jones 

Guidelines  to  Bridge  the  Alignment  Gap 


Bill  Godfrey’s  Big  Rules 
for  IT  Service  Governance 

RULE  1  Strategic  Planning 

»  All  technology  divisions  will  have  a  documented  technol¬ 
ogy  plan. 

»A11  technology  divisions  will  have  published  goals  and 
objectives. 

RULE  2  Production  Prioritization 

» Production  problems  classified  as  Severity  One  take 
resource  precedence  over  all  else.  Management  and  staff 
will  work  on  Severity  One  problems  immediately  and  con- 
tinously  until  resolved. 

RULE  3  Enterprise  Architecture 

»  All  technology  divisions  will  have  a  documented  high- 
level  architecture. 

» All  technology  divisions  will  adhere  to  infrastructure 
standards  or  seek  exception  approval. 

»  All  technology  projects  costing  more  than  $250,000  total 
must  be  approved  through  the  Early  Look  Architecture 
Zoning  process  prior  to  capital  approval  submission. 


Godfrey's  IT  rules  had  their  genesis  in  a  couple  of  tough  years  for 
his  department  and  Dow  Jones’s  ad  revenue  streams,  in  which  IT 
struggled  with  a  very  heavy  project  load  and  a  fast  pace  of  change 
in  the  business.  Cost  management  and  project  execution  were 
both  primary  goals  for  Godfrey,  even  as  demand  for  IT  functions 
was  still  outpacing  what  he  could  supply.  His  list  of  Big  Rules,  he 
says,  "was  an  attempt  to  hold  chaos  at  bay." 

So  far,  so  good.  Senior  Dow  Jones  management  has  welcomed 
IT’s  push  into  stricter  IT  governance  and  better  business  align¬ 
ment.  "We’ve  been  invited  to  lead,"  says  Godfrey.  “But  leadership 
comes  with  expectations,  and  we  need  to  get  stronger.”  He  insists 
that  this  is  just  version  1.0  of  the  Big  Rules.  In  the  works  now  is 
version  2.0,  which  will  detail  organizational  strategy  and  how  IT 
can  be  woven  into  the  fabric  of  the  company.  “Just  because  I  have 
rules,  doesn't  mean  we’re  done,”  Godfrey  says. 


RULE  4  Project  Management 

» [There  will  be]  100  percent  adherence  to  the  Dow  Jones 
(DJ)  project  management  process  for  all  nontrivial 
development  projects  (projects  estimated  to  take  more 
than  two  weeks  of  staff  time). 

»  All  development  projects  will  have  a  specifically  identi¬ 
fied  business  sponsor  and  a  specifically  identified  tech¬ 
nology  project  leader  prior  to  initiation. 

»  All  development  projects  requiring  infrastructure  sup¬ 
port  will  directly  involve  infrastructure  support  staff 
during  project  initiation,  giving  the  infrastructure  staff 
an  opportunity  to  directly  participate  in  the  design  of 
systems  solutions. 

RULE  5  Time  Management 

»  All  staff  time  will  be  appropriately  entered  into  the  IT  time 
reporting  system  on  a  weekly  basis. 


98  OCTOBER  1,  2005  |  www.cio.com 


PHOTO  BY  PETER  MURPHY 


Business  Intelligence  made  a  promise:  to  make  it  simple  for  everyone  to  use  information  to  make  better 
decisions.  But,  given  your  complex  IT  infrastructure,  the  reality  of  getting  a  single  BI  standard  in  place  across 
the  company  has  been  anything  but  simple.  Until  now. 

Introducing  Cognos  8  Business  Intelligence,  the  one  solution  built  to  break  down  the  barriers  limiting  BI’s 
potential.  With  a  complete  Web  Services-based  SOA.  A  simple  browser-based  interface.  A  full  range  of  BI  capabilities 
—  reporting,  analysis,  scorecarding,  dashboarding  and  more  —  all  in  a  single  product  and  on  a  single  architecture. 

And  the  BI  foundation  for  companies  demanding  a  simpler  path  to  a  complete  performance  management  system. 

It’s  everything  BI  promised  to  be.  And  now,  it’s  here. 

To  learn  more  and  to  find  out  where  you  can  preview  Cognos  8,  go  to  cognos.com/simple 

COGNOS  8  BUSINESS  INTELLIGENCE. 

vjuvrifi\» 

THE  NEXT  LEVEL  OF  PERFORMANCE'" 


Copyright  ©  2005  Cognos  Incorporated.  All  rights  reserved. 


Leadership  and  Management 


"All  of  the  rules  in  one  form  or  another  are  there  to 

sustain,  protect  and  foster  alignment."  -Bill  Godfrey,  CIO,  Dow  Jones 


RULE  6  Technology  Business  Management 

»  As  represented  in  approved  budgets,  technology  costs  will  not 
exceed  plan  unless  explicit  approval  is  granted  by  the  CIO. 

»  Technology  contracts  will  be  managed  and  approved  through 
business  management  services. 

»  All  third-party  contractors  [and]  consultants  will  sign  non¬ 
disclosure  agreements  [and  will  be]  managed  under  the  non¬ 
employee  security  policy  and  through  the  DJ  preferred  ven¬ 
dor  program. 

RULE  7  Capital  Approval  Management 

»  All  projects  will  adhere  to  corporate  expenditure  authori¬ 
zation  processes. 

»  All  projects  are  required  to  have  appropriate  IT  senior  lead¬ 
ership  team  sign-offs  prior  to  business  line  submission. 

»  For  all  projects  requiring  CIO  approval,  all  staff  work  and 
IT  senior  leadership  team  approvals  will  be  complete  prior 
to  seeking  CIO  approval. 

»  Any  project  with  a  total  cost  of  more  than  $250,000  will 
be  submitted  to  finance  for  formal  business  case  review. 

RULE  8  Requesting  Proposals  from  Third  Parties 

» All  requests  for  proposals  from  third  parties  will  be 
reviewed  and  approved  by  the  CIO  prior  to  execution. 

»  All  requests  for  proposals  from  third  parties  that  could  have 
DJ  infrastructure  implications  will  be  reviewed  and  approved 
by  technology  engineering  services  prior  to  execution. 

RULE  9  Relationship  Management 

»  Business  technology  directors  are  100  percent  accountable 
for  all  technology,  direct  and  indirect,  in  support  of  their 
business  lines. 

»  Business  technology  directors  “own”  all  business  applica¬ 
tion  vendor  relationships. 

»  Enterprise  technology  directors  “own”  _ _ 

all  infrastructure  vendor  relationships. 


Your  Ruling  on  IT  Rules 


RULE  10  Infrastructure  Management 

» Enterprise  infrastructure  services  is 
100  percent  accountable  for  the  DJ 
global  infrastructure. 


Do  IT  rules  work,  or  does  your  workplace  rule 
them  out?  ADD  A  COMMENT  to  the  online  dis¬ 
cussion.  Also,  find  more  sets  of  CIOs'  rules  for  IT. 

Go  to  www.cio. com/100105. 

cio.com 


»  Enterprise  information  services  is  the  only  organization  that 
makes  infrastructure  decisions. 

» Enterprise  information  services  owns  and  manages  all 
infrastructure  capital. 

RULE  11  Compliance  with  Audit,  Regulatory  and  Legal 

» Information  technology  services  will  comply  with  all  audit, 
regulatory  and  legal  requirements. 

»  The  IT  senior  leadership  team  is  accountable  for  compliance. 

RULE  12  Operations  Procedural  Compliance 

» [There  will  be]  100  percent  compliance  with  [the]  enter¬ 
prise  change  control  policy  and  procedure. 

»  All  production  applications  will  be  supported  by  a  service- 
level  agreement. 

RULE  13  Information  Security 

»  All  technology  staff  will  comply  with  the  Dow  Jones  infor¬ 
mation  security  policy. 

» Information  security  approval  must  be  secured  prior  to 
implementing  new  technology  or  making  major  enhance¬ 
ments  to  existing  technology.  This  review  and  approval  is  to 
take  place  before  any  formal  or  informal  obligations  are 
made  between  DJ  and  a  supplier. 

»  All  credential  and  access  management  to  a  financially  sig¬ 
nificant  application  will  be  managed  and  controlled  through 
information  security. 

RULE  14  Sarbanes-Oxley  Compliance 

» [There  will  be]  100  percent  compliance  to  all  Sarbanes- 
Oxley  controls. 

»  All  IT  leaders  will  be  thoroughly  familiar  with  the  IT  general 
control  policies  [regarding]  governance,  project  management, 
operations,  access  control  and  data  management. 

» All  IT  leaders,  supervisor  and  above, 
are  responsible  and  accountable  for 
Sarbanes-Oxley  compliance  across  their 
respective  areas  of  control.  HE! 


Staff  Writer  Thomas  Wailgum  can  be  reached  at 
twailgum@cio.com. 


100 


OCTOBER  1,  2005  |  www.cio.com 


YOUR  JOB  IS  TO  KEEP  SYSTEMS  AND  APPLICATIONS  RUNNING. 
OUR  MISSION  IS  TO  KEEP  PEOPLE  AND  INFORMATION  CONNECTED. 

LET’S  WORK  TOGETHER. 


Continuous  access  to  information  no  matter  what.  That’s  Information 
Availability.  It’s  what  your  employees,  suppliers  and  customers 
demand  every  minute  of  every  day.  But  to  deliver  it  flawlessly,  you 
need  a  massive  global  infrastructure,  redundant  systems  and  diverse 
networks  being  monitored  and  supported  by  skilled  technical  experts 
at  secure  facilities.  That's  exactly  what  SunGard  provides. 

As  a  result,  we  can  offer  you  a  higher  level  of  availability  and  save 
your  company,  on  average,  25%*  versus  building  the  infrastructure 
yourself.  Plus,  it’s  a  vendor  neutral  solution  that  lets  you  control  your 
data,  applications  and  network  while  giving  you  the  flexibility  to 
adjust  to  the  changing  needs  of  your  business.  But  best  of  all,  it  lets 
you  spend  more  time  solving  business  problems  and  less  time  solving 
technical  problems. 


For  years,  companies  around  the  world  have  turned  to  SunGard 
to  restore  their  systems  when  something  went  wrong.  So,  it’s  not 
surprising  that  they’re  now  turning  to  us  to  mitigate  risk  and  make 
sure  they  never  go  down  in  the  first  place. 

You  want  your  network  and  systems  to  always  be  up  and  running. 
We  want  the  same  thing.  Let’s  get  together.  To  learn  more,  visit 
www.availability.sungard.com  or  call  1-800-468-7483. 


SUNGARD' 

Availability  Services 


Keeping  People 
and  Information 
Connected, ,IM 


‘Potential  savings  based  on  IDC  White  Paper,  Ensuring  Information  Availability:  Aligning  Customer 
Needs  with  an  Optimal  Investment  Strategy. 


TOOLS  WE  USE 


BUSINESS  CONTINUITY 


forum : 

IDEAS  &  INSIGHTS  FROM  THE  CIO  EXECUTIVE  COUNCIL  ::  EDITED  BY  CHERYL  ASSELIN 


Howto  Involve  the  Business  to 
Create  a  Solid  Continuity  Plan 


Business-continuity  planning 
has  grown  more  sophisticated 
in  the  past  few  years,  going 
beyond  the  technical  recov¬ 
ery  of  IT  systems  and  get¬ 
ting  networks  back  online. 

Whether  it’s  a  carryover 
from  Y2K  and  9/11,  or  the 
demands  of  Sarbanes- 
Oxley,  CIOs  find  themselves 
in  the  position  of  not  only 
making  sure  technical  dis¬ 
aster-recovery  plans  are  in 
place  and  working  but  also  coordinating 
larger  continuity  efforts  with  all  busi¬ 
ness  functions. 

Members  of  the  CIO  Executive 
Council  recently  identified  business 
continuity  as  a  topic  for  future  Council 
activities  and  research.  Twenty-seven 


members  also  participated  in  a  June 
2005  conference  call  on  business-conti¬ 
nuity  planning.  The  following  are  some 
best  practices  from  mem¬ 
bers  who  have  made  such 
planning  an  integral  part  of 
their  organizations. 

Attach  a  business 
owner  as  the  main 
driver.  Business  continuity 
is  not  about  IT;  it’s  about  the 
business.  Therefore,  it  only 
makes  sense  that  someone 
from  the  business  be  the  owner  of  this 
significant  undertaking.  By  not  identify¬ 
ing  business  continuity  as  an  IT  project, 
its  importance  to  the  company  as  a  whole 
becomes  clear  and  more  widely  accepted. 
The  Board  of  Trustees  at  The  George 
Washington  University,  for  example, 


hired  an  assistant  vice  president  in  2003 
who  sits  outside  of  IT  and  is  charged 
with  coordinating  business-continuity 
plans  for  the  university,  with  significant 
day-to-day  assistance  from  IT. 

At  Eastman  Chemical,  business-con¬ 
tinuity  planning  is  specifically  linked  to 
the  company’s  Sarbanes-Oxley  efforts, 
which  are  sponsored  by  the  CEO.  At 
Intelsat  Global  Services,  a  Washington, 
D.C. -based  satellite  and  telecommunica¬ 
tions  company,  CIO  and  Senior  VP  Joe 
Kraus  sits  on  the  crisis  management 
team,  which  is  made  up  of  20  senior 
representatives  from  business  units 
such  as  HR,  facilities,  security,  corpo¬ 
rate  communications  and  the  medical 
unit.  This  team,  led  by  Intelsat  Global 
Service’s  president,  is  responsible  for 
managing  communications  in  the  event 
Continued  on  Page  104 


Priority  Setting 

Intelsat's  CIO  shares  his  organization’s  method 
for  determining  mission-critical  functions 


ar 

AIR 


Business  functions  that  must  be  performed 
and  restarted  as  quickly  as  possible, 
within  the  first  72  hours  of  a  disaster. 

Example:  Customer 
communications 


When  drawing  up  a  business-continuity  plan  for  an  entire  organization, 
it  is  helpful  to  prioritize  functions  as  to  their  relative  importance  and 
determine  how  quickly  they  must  be  restarted  in  order  to  keep  the  organi¬ 
zation  on  track.  Joe  Kraus,  CIO  and  senior  VP  at  Intelsat  Global  Services, 
and  his  team  use  a  classification  system  that  they  call  “air,  water  and 
food”  to  classify  different  business  functions  and  make  the  business- 
continuity  process  easier  to  think  about. 

It  works  like  this:  You  can’t  survive  without  air.  You  can  survive  for  a  little 
while  without  water,  and  you  can  survive  even  longer  without  food.  Using 
these  three  categories,  the  company  classifies  business  functions  and  orga¬ 
nizational  units  according  to  how  critical  they  are  to  Intelsat’s  survival. 


WATER 


Business  functions  that  must  be 
performed  and  restarted  within 
four  to  30  days  after  a  disaster. 

Example:  Billing,  payroll 


FOOD 


Business  functions  that  are  not 
classified  as  either  air  or  water. 

Example:  Marketing,  anything 
strategic 


102 


OCTOBER  1,  2005  |  www.cio.com 


2005  Global  Crossing  Limited  and  Global  Crossing  Holdings  Limited.  All  rights  reserved. 


THE 

GLOBAL 


NEW 

VI  L  L  A  G  E  . 


COURTESY:THE  WORLD’S  LARGEST,  WHOLLY-OWNED,  CONVERGED,  GLOBAL  IP  NETWORK. 


Reserve  your  place  at  the  absolute  center  of  a  new,  instantly  accessible  world  of  frictionless  commerce.  A  world 
we  pioneered.  Over  a  single  IP  connection,  all  your  business  applications  can  be  seamlessly  converged  and  totally 
secured  over  Global  Crossing  IP  VPN,  VoIP,  iVideoconferencing™  services.  Over  a  single  IP  connection,  you  are  moments 
away  from  your  offices,  your  sales  staff,  your  partners  and  anywhere  in  the  world  managed  by  engineers  and  support  staff  who 
understand  what  customers  need.  And  you  can  have  this  new,  accessible  world  without  changing  a  thing  in  the  infrastructure 
you  have  in  place  now.  Sound  too  perfect  to  be  true?  Ask  the  40%  of  the  FORTUNE  500' 1  companies  we’re  doing  business  with 
today.  The  new  global  village.  It’s  time  you  moved  in.  For  more  detailed  information,  point  your  browser  to  globalcrossing.com. 


Global  Crossing® 


One  planet.  One  network.™  Infinite  possibilities. 


THE  CIO  EXECUTIVE  COUNCIL 


forum , 


I 


Do  you  have  a  point  person  in 
IT  to  help  business  units  with 
business-continuity  planning? 
If  so,  what  are  that  person’s 
duties  and  skill  sets? 

At  MoneyGram  International,  we  have  a 
business-continuity  expert  on  the  IT  staff 
who  communicates  and  coordinates  the  plan 
development  and  testing  with  the  business 
owners.  This  has  proven  effective  for  our 
organization  because  this  individual  does 
not  develop  the  plan,  but  is  viewed  by  the 
business  as  an  expert. 

To  be  successful  in  this  role,  the  business- 
continuity  expert  must  have  a  proven  track 
record  in  developing  continuity  plans  in 
addition  to  project  management.  Because 
continuity  planning  does  not  always  get  a 
high  priority  in  the  organization,  this  individ¬ 
ual  must  be  able  to  establish  a  high  level  of 
credibility  with  the  business  units.  Although 
the  business  unit  maintains  ownership  of 
the  continuity  plan,  often  the  continuity 
planner  must  take  the  lead  and  drive  the 
planning  effort.  With  established  credibility, 
the  business  unit  gains  trust  and  views  the 
individual  as  a  partner. 

Our  business-continuity  expert  has  an  IT 
background,  specifically  with  IT  disaster- 
recovery  planning.  We  have  found  that  to  be 
successful  in  this  role,  the  individual  must 
have  business  sense  and  be  engaged  in 
learning  how  the  business  works.  In  other 
words,  this  individual  cannot  sit  in  the  back¬ 
ground  and  take  notes,  but  should  drive 
execution  of  the  plan  by  making  sugges¬ 
tions  on  how  the  plan  could  operate. 

-David  Albright,  CIO  and  VP, 
MoneyGram  International 


Create  a  Solid  Continuity  Plan  Continued  from  Page  102 

of  a  disaster.  The  team  meets  quarterly,  providing  a  forum  for  senior  business 
leaders.  Given  the  strong  infrastructure  emphasis  of  the  business-continuity 
planning  process,  IT  is  responsible  for  the  program’s  day-to-day  operations. 

A  business  rep  is  responsible  for  guaranteeing  business-side  participation. 
Encourage  business  members  to  understand  and  document 
core  business  processes.  It’s  hard  to  write  a  business-continuity 
plan  if  you  don’t  understand  all  the  details  of  your  business.  Dave  Swartz, 

VP  and  CIO  at  The  George  Washington  University,  was  surprised  by  the 
large  number  of  managers  who  lacked  a  solid  understanding  of  the  univer¬ 
sity’s  business,  and  therefore  had  not  accurately  documented  how  they  ran 
their  functions.  “The  first  exercise  that  the  business  units  underwent  was  to 
examine  the  business  processes,  including  people  involved,  relationships 
with  different  units  and  their  specific  reliance  on  technology  systems,”  says 
Swartz.  “It  was  interesting  to  see  the  new  points  of  risk  that  were  identified 
that  people  hadn’t  been  aware  of.” 

Improving  the  process  should  be  part  of  the  plan.  In  2002, 
Texas  Children’s  Hospital  suffered  through  a  virus  scare  for  several 
days  where  faulty  antivirus  software  made  it  appear  that  thousands  of  the 
hospital’s  computers  were  infected  with  a  virus.  The  hospital’s  IT  staff  quar¬ 
antined  the  affected  computers,  limiting  access  to  critical  patient  data.  Given 
the  life-and-death  importance  of  IT  to  a  hospital,  clinical  staff  moved  to  man¬ 
ual  processes  to  keep  patients  safe.  They  found  that  the  established  downtime 
procedures  worked  well  for  the  first  couple  of  days,  but  the  longer  the  trouble 
dragged  on,  the  more  time-consuming  it  became 
to  recover.  The  clinical  staff  learned  some  valuable 
lessons  during  this  incident.  “It  prompted  them  to 
review  business-continuity  procedures  and  develop 
new,  manual  processes  as  a  result,”  says  David  Finn, 

VP  and  CIO,  privacy  officer  and  information  security 
officer.  Schedules  are  now  printed  on  hard  copy  for 
the  current  day  and  the  next  couple  of  days  to  reduce 
reliance  on  IT  systems. 

Coordination  should  stay  with  IT.  IT  should  provide  templates, 
review  the  plans  and  coordinate  overall  processes  to  ensure  that  each 
unit  has  done  its  due  diligence.  Eastman  Chemical  CIO  Jerry  Hale,  Kraus  and 
Swartz  provide  templates  for  each  function  that  describe  what  components 
to  include  and  how  specific  to  be  in  the  documentation.  At  Texas  Children’s 
Hospital,  IT  is  developing  templates  that  will  standardize  the  process  of 
business  continuity,  outline  practices  and  establish  a  monitoring  process  to 
ensure  plans  are  updated  as  needed.  (For  sample  templates,  visit  the  online 
version  of  this  story  at  www.cio. com/100105.) 

Test  business-continuity  plans  just  as  you  would  test 
technical  disaster  recovery.  “We  get  the  group  of  business  owners 
in  a  room,  present  a  scenario,  and  then  walk  through  the  business-continuity 
process,”  says  Hale.  Kraus  uses  scenario-based  testing  to  make  sure  the  plan 
covers  all  the  necessary  elements.  He  gets  information  on  potential  scenarios 
from  colleagues,  by  participating  in  external  disaster-related  activities,  and 
from  federal  and  government  agencies  responsible  for  disaster  preparedness 
and  planning.  This  year  Kraus  plans  to  run  a  business-continuity  drill  that 
will  involve  relocating  staff  from  different  subsets  of  Intelsat  to  the  backup 
facility,  and  then  restarting  the  business. 

-Carrie  Mathews,  Member  Services  Manager,  CIO  Executive  Council 


DAVID  FINN 

Texas  Children's  Hospital 


104  OCTOBER  1,  2005  |  www.cio.com 


We  are  known  for  our  ancient  civilizations. 

You  should  see  our 
state-of-the-art  delivery  centers. 


For  nearly  10  years 

Softtek's  Near  Shore  Outsourcing  Model 
has  proven  to  be  convenient  and  cost  effective. 
Our  highly  qualified  professionals  have  provided 
Application  Related  Services,  IT  Infrastructure  Support 
as  well  as  Business  Process  Outsourcing 


MtKtCO 


to  Fortune  50  companies  in  the  US  from  Mexico. 


Softtek 


SO  tftAK. 

Mexican  Outsourcing  Industry 
www.mexiconearshore.com 


Near  Shore®  Outsourcing  Services 
www.softtek.com/cio 


THE  CIO  EXECUTIVE  COUNCIL 


forum 


BUSINESS  CONTINUITY 


/ 


[in  his  own  words] 


/ 


For  TV  viewers, 

it  would  be  a  shock 
if  their  favorite  TV 
show  suddenly  stopped 
broadcasting  in  the  middle 
of  a  big  scene.  And  for 
Martin  Gomberg,  CTO  at 
A&E  Television  Networks 
(AETN),  that  is  the  scenario 
he  aims  to  avoid.  AETN  has 
24/7  broadcast  commitments  to 
its  advertisers  and  consumers,  and  has 
invested  in  business  continuity  to  protect 
these  commitments.  Even  short  disruptions,  though 
not  critical  to  revenue,  are  considered  unacceptable  and 
a  violation  of  trust  to  both  viewers  and  advertisers.  Below, 
Gomberg  shares  some  of  the  important  aspects  of  his  busi¬ 
ness-continuity  program. 

What  are  the  elements  of  your  business-continuity 
program? 

Our  program  includes  both  technical  disaster-recovery 
components  and  nontechnical  elements  designed  to  keep 
the  business  running  as  usual:  failure-response  on  site 
spares,  repairs  and  replacements;  system  high-availability 
and  failure  resistance;  technical-disaster  recovery;  optional 
business  continuity  and  company  survivability  assurance, 
which  is  also  owned  by  the  business. 

How  does  the  business  side  of  AETN  participate  in 
business  continuity? 

AETN  sees  business  continuity  as  a  business-owned  prob¬ 
lem.  IT  helps  and  guides  them  with  the  plan,  but  ultimately 
the  business  units  own  it.  Each  department  is  asked  to 
appoint  a  representative  with  sufficient  authority  to  invoke 
continuity.  This  individual  makes  sure  that  all  department 
members  who  need  to  be  involved  understand  their  role. 
This  has  been  a  challenge  for  me  because  most  department 
managers  know  how  to  do  their  jobs,  but  not  how  to  think 


cn 

B" 

UQ 

o 

3 

> 

td 

SI 

3 

H* 

3 

OJ 

a 

M- 

Cfl 

V 

w 

CD 

n 


from  the  perspective  of  disaster 
recovery.  You  have  to  walk 
them  through  it  in  baby  steps, 
and  departments  vary  in  terms 

%  I  I 

of  affinity  for  this  process.  We 
continually  establish  meetings,  ask 
department  members  to  present  their 
continuity  plans,  and  then  challenge 
their  plans.  They  need  to  prioritize  what’s 
critical  to  them,  turn  that  into  a  checklist,  and 
then  write  an  actionable,  maintainable  plan. 

How  does  IT  work  with  the  business? 

We  have  built  a  business-continuity  database  with  all  the 
necessary  elements  of  a  continuity  plan.  The  business 
inputs  its  plan,  specifying  call  chains  and  so  on.  This  is  all 
replicated  to  the  recovery  site,  so  it  is  always  available.  This 
was  where  most  of  the  business-continuity  expense  went, 
as  it  took  10  weeks  and  $30,000  to  build  the  database  with 
the  assistance  of  an  outside  developer. 

For  testing,  we  bring  departments  into  a  room  and  chal¬ 
lenge  their  plans  with  scenarios.  We  drill  down  and  drive  their 
thinking  to  deeper  levels,  and  then  they  update  their  plans. 

I  use  reviewers,  such  as  a  retired  AETN  COO,  who  are  less 
familiar  with  the  plan  and  can  validate  and  challenge  the 
plans.  Where  it  is  testable,  we  test  it  and  ensure  the  plan 
stays  current  as  the  business  changes. 

In  the  broadcast  industry,  if  you  cannot  broadcast  from 
your  primary  or  backup  facilities  or  get  access  to  your  pro¬ 
grams,  you  are  in  a  crisis  of  survivability.  You  have  to  force 
scenarios  to  that  level  to  get  the  businesspeople  to  think 
in  ways  they  normally  don’t  think,  in  terms  of  how  they  will 
conduct  business  and  how  they  can  avoid  getting  to  that 
level  of  crisis.  In  most  cases,  a  well-developed  recovery  and 
business-continuity  plan  should  prevent  you  from  getting 
to  the  point  where  a  company  is  fighting  for  its  life. 


ONE::LINER 


The  CIO  Executive  Council  is  a  professional  organization  for  CIOs  founded  by  CIO’s  publisher.  To  learn  more  about  the  Council, 
visit  www.cioexecutivecouncil.com  or  contact  Director  of  Program  Development  David  Lien  at  dlien@cio.com  or  508  935-4493. 


106 


OCTOBER  1,  2005  |  www.cio.com 


PLUS:  TANGIBLE  BUSINESS  BENEFITS  ★  BEST  PRACTICES  FOR  BEST  RESULTS 


OVER  10  YEARS  OF  WORLD-CLASS  INTEGRATION  EXPERTISE 


A  FASTER,  EASIER  WAY  TO 
IMPLEMENT  TRUE  SOA 


FEATURING: 


SUPPORT  FOR  OVER 
SO  O.S.  CONFIGURATIONS 


m 


UNPARALLELED  INDUSTRY 
KNOWLEDGE  &  PROCESS  SKILL 


IBM  MIDDLEWARE.  POWERFUL.  PROVEN. 

FIGHT  BACK  AT  WWW.IBM.COM/MIDDLEWARE/SOA.  THIS  IS  A  RIP-AND-REPLACE-FREE  EVENT. 

IBM,  the  IBM  logo  and  WebSphere  are  registered  trademarks  or  trademarks  of  International  Business  Machines  Corporation 
in  the  United  States  and/or  other  countries.  ©2005  IBM  Corporation.  All  rights  reserved. 


FROM  THE  PUBLISHER 


THE  RESOURCE  FOR  INFORMATION  EXECUTIVES 


The  Paper  Chase 

CIOs  need  to  include  skyrocketing  paper  and  printing  costs 
in  their  IT  asset  management  plans 

The  "Identify  and  Slash  a  Major  IT  Expense" 

subject  line  of  an  e-mail  I  recently  received  intrigued 
me.  But  the  content  surprised  me. 

I  expected  a  pitch  for  application  integration,  busi¬ 
ness  intelligence  or  supply  chain  service.  Instead, 
what  I  read  was  a  reasonable  and  rational  note  iden¬ 
tifying  paper  waste  and  printing  costs  as  the  “largest 
hidden  cost  in  IT  today.” 

And  though  this  e-mail  came  from  a  reputable 
vendor  that  is  in  the  business  of  slashing  paper  and 
printing  costs,  and  therefore  had  a  bias,  the  message  nonetheless  resonated  with  me. 

I  looked  around  my  office  after  reading  the  e-mail.  I  was  surrounded  by  mounds 
of  paper.  And  right  outside  my  office  is  a  paper  recycling  bin  where  I  deposit  those 
irritating  last  pages  of  printed  Web  documents  with  nothing  on  them.  Why  did 
some  tree  have  to  die  for  this? 

Those  readers  with  good  memories  will  recall  that  about  30  years  ago,  the  indus¬ 
try  created  the  concept  of  the  “paperless”  office  where  all  information  would  be 
stored  and  transferred  electronically.  Throughout  the  1980s,  the  dream  environment 
of  the  paperless  office  was  always  just  over  the  digital  horizon. 

But  in  one  of  the  more  interesting  examples  of  unintended  consequences,  the  more 
automated  the  office  became  with  personal  computers,  printers  and  so  on,  the  more 
paper  was  created.  Each  person  in  the  United  States,  the  world’s  largest  consumer  of 
paper,  consumes  about  749  pounds— more  than  a  third  of  a  ton— of  paper  each  year! 
And  that’s  before  the  Sarbanes-Oxley  compliance  regulations  take  root. 

When  CIOs  hear  “asset  management,”  most  think  about  mission-critical  com¬ 
puting  devices  and  software  programs.  My  suggestion:  Add  your  paper  bill  and 
printing  costs  to  that  list. 

Think  about  it.  Do  you  really  know  what  your  printing  and  paper  costs  are?  As 
another  vendor  in  the  printing  market  asks,  “Does  your  firm  have  an  output  strategy?” 

Drop  me  an  e-mail,  and  I  will  send  you  a  white  paper  on  the  topic— electronically, 
of  course. 


o 

X 

CL 


president  and  ceo  Michael  Friedenberg 

editorial  director  Lew  McCreary 
publisher  Gary  J  .  Beach 

CXO  MEDIA 

CIRCULATION 

svp.  circulation  Carol  A  Spach 
circ.  dir.  Faith  Marcello 

subscription  svcs.  supervisor  Tina  Pescaro 

CIO  EXECUTIVE  COUNCIL 

GENERAL  MANAGER  Mark  Hall 

managing  dir.,  content  development  Richard  Pastore 
program  director  Shaw  Lively 
dir.,  external  relations  Karen  Fogerty 
dir.,  program  development  David  Lien 
director  of  research  Michael  Swenson 
marketing  communications  manager  Jennifer  Baker 
mgr.  of  operations  and  project  mgmt.  Jean  Costello 
dir.,  event  strategy  and  planning  Thomas  Bliss 
member  services  managers  Michael  Fahlsing, 

Bill  Golden.  Carrie  Mathews,  Bill  Roche 
senior  program  managers  Stephen  Buckler. 

Ross  Chapin,  Patrick  Clarke,  Robert  Graham. 

Andy  Kerr.  Amanda  Neal.  Steve  Rovniak 
operations  coordinator  Darcy  Chamberlain 

EXECUTIVE  PROGRAMS 

vp,  conference  mgmt.  Cynthia  Mollus 
director  of  marketing  Mary  Cardwell 

DIRS.,  BUSINESS  DEVELOPMENT 

Chris  Mattoon,  John  Vulopas 

dir.,  event  planning  Amy  Turell 
conference  manager  Judith  Kittredge 
event  planner  Sarah  Yee  designer  Andrea  Slobogan 
client  relations  associate  Lisa  Byron 
client  services  specialist  Cress  O'Brien 

ONLINE 

general  manager  David  Churbuck 
online  producers  Todd  Borglund,  Bill  Hall, 
Jennifer  McCarthy.  Joe  Nguyen 

INFORMATION  SYSTEMS 

cio  Mark  Hall 

idg  dir.  of  information  services  Nancy  Newkirk 
dir.,  i.t.  Dagmar  Eiben  infrastructure  manager 

James  C.  Burgoyne  sr.  i.t.  specialist  Jonathan  Frappier 

system  administrator  Robert  Reagan 
senior  user  support  specialist  Christopher  Kay 
user  services  specialist  Gloria  Lam 
sr.  web  developers  Sean  McCracken.  Chris  Murray 

PRODUCTION 

VP,  MANUFACTURING  Chris  CU0C0 

production  manager  Heidi  Broadley 
associate  production  manager  Lisa  M.  Stevenson 

MARKETING 

dir.,  marketing  research  Bridget  Cammarata 
marketing  research  manager  Carolyn  Johnson 
sr.  director,  marketing  comm.  Sue  Yanovitch 
sr.  marketing  comm,  specialist  Susan  Maloney 
marketing  comm,  coordinator  Lynn  Holmlund 

ADMINISTRATION 

dir.,  finance  Margarita  Chiango 

finance  &  operations  analyst  Chris  Bernardi 
executive  assistant  to  the  president  Diane  Martin 
billing  specialist  Joyce  Gillis 
facilities  specialist  John  Kelley 
office  services  coordinator  Mary  E.  Wooldridge 

HUMAN  RESOURCES 

vp,  human  resources  Patricia  Chisholm 
human  resources  director  Tanya  Bureau 
sr.  hr  representative  Beth  S.  Ramistella 

CXOx  MEDIA  INC. 

INTERNATIONAL  DATA  GROUP 

ceo  Pat  Kenealy 

board  chairman  Patrick  J.  McGovern 

president,  idg  communications  Bob  Carrigan 


108 


OCTOBER  1 


2005  |  www.cio.com 


ONE  EASY-TO-USE  ENVIRONMENT. 

RELIABILITY  &  SECURITY. 
INCREASED  PRODUCTIVITY. 


ROLE -BASED  ACCESS. 

THE  UNFETTERED  JOY 
OF  SEAMLESS  COLLABORATION. 


IT’S  SIMPLY  A  BETTER  WAY  TO  WORK. 


IBM  MIDDLEWARE.  POWERFUL.  PROVEN.  FIGHT  DACK  AT  WWW.IBM.COM/MIDDLEWARE/PRODUCTIVITY 

IBM,  the  IBM  logo  and  Workplace  are  registered  trademarks  or  trademarks  of  International  Business  Machines  Corporation 
in  the  United  States  and/or  other  countries,  ©2005  IBM  Corporation.  All  rights  reserved. 


SALES  AND  SERVICES 


CIO  SALES  OFFICES 

President  and  CEO 

Michael  Friedenberg 
508  935-4310 
Publisher 
Gary  J.  Beach 
508  935-4202 

EAST  COAST 

VP  Sales,  East 

Bob  Bragdon 
508  935-4443 

Regional  Sales  Director 

Kathy  Powers 
201 634-2331 

Regional  Sales  Manager 

Ellie  Schwab 
201 634-2332 

Senior  Sales  Associate 

Rhonda  Goodman 
201 634-2329 
Fax  •  201 634-9513 

NEW  ENGLAND 

Senior  District  Sales  Manager 

Andrew  Haney 
508  935-4586 
Sales  Operations  Manager 

Dawn  Cora 
508  935-4092 
Fax  *508  879-6063 

NORTH  CENTRAL 

Senior  District  Sales  Manager 

Beth  DeVillez 
847  759-2727 

Advertising  Sales  Associate 

Kim  Giovanni 
847  759-2728 
Fax  •  847  759-2729 


WEST  COAST 

VP  Sales,  West 

Bob  Melk 
415  975-2685 

Senior  Regional  Sales  Manager 

Ai  Collins 
415  975-2686 

Regional  Sales  Manager 

Kevin  Ebmeyer 
415  975-2684 

Account  Executive 

Derek  Jung 
415  975-2683 
Fax  •  415  543-2358 

Senior  Account  Executive 

Sara  Mascall 
415  978-3385 

SOUTHERN  CALIFORNIA 

Regional  Sales  Manager 

Kevin  Ebmeyer 
415  975-2684 

LIST  SERVICES 

List  Services  Director 

Kathryn  A.W.  Marston 
508  935-4072 

List  Services  Account  Executive 

Stephanie  Roy 
508  935-4151 

ONLINE  SERVICES 

Western  Online  Sales  Manager 

Jennell  Hicks 
415  243-8585 

Online  Account  Executive 

Danielle  Tetreault 
508  988-6770 


CUSTOM  PUBLISHING 
VP  of  Program  Development,  IDG 

Charles  Lee 
Director 

Mary  Gregory 
508  988-6765 

Director  of  Content  Development 

Tom  Field 

Assoc.  Director  of  Content  Development 

Anne  Stuart 

Senior  Project  Manager  Amy  Greenleaf 
Project  Managers 

John  Danielowich,  Jon  Heinrich 

REPRINT  SERVICES 

For  article  reprints  (100  quantity  or  more), 
please  contact  Jesse  Levy  at  PARS 
International  at  212  221-9595  xl23  or 
via  e-mail  at  jesse@parsintl.com. 

CIO  IS  PUBLISHED  IN  THE 
U.S.  AS  WELL  AS  IN: 

Australia,  CIO  Australia  www.idg.com.au 
Canada,  CIO  Canada  www.lti.on.ca/cio 
China,  CEO  &  CIO  China  www.ceocio.com.cn 
France,  CIO  France  www.idg.fr/cio 
Germany,  CIO  Germany  www.cio.de 
India,  CIO  India  91-80-521-0309/12 
Japan,  CIO  Japan  www.idg.co.jp 
The  Netherlands,  CIO  Netherlands  www.cio.ni 
New  Zealand,  CIO  New  Zealand  www.idg.co.nz 
Norway,  CIO  Business  Standard 
www.business-standard.no 
Poland,  CXO  Poland  www.cxo.pl 
Singapore,  CIO  ACEN/Hong-Kong 
www.idg.com.sg 

South  Korea,  CIO  Korea  www.cio.seoul.kr 
Sweden,  CIO  Sweden  www.cio.idg.se 

For  further  sales  information,  visit 
www2.cio.com/marketing/aboutcio/ 
contacts,  cfm. 


INDEX  OF  COMPANIES  AND  ADVERTISERS 

Page  numbers  refer  to  the  first  page  of  the  article(s)  in  which  the  company  has  a  substantial  mention. 

This  index  is  provided  as  a  service  to  readers.  The  publisher  does  not  assume  any  liability  for  errors  or  omissions. 


COMPANY  INDEX 

A&E  Television  Networks . 102 

Accenture  . 23 

Affiliated  Computer  Services 

Inc . 50 

Allied  Chemical  Corp . 36 

Amazon.com  Inc . 40 

AMR  Research  Inc . 32 

Bridgestone/Firestone  Retail  & 
Commercial  Operations  LLC  .  36 

Capital  One  Services  Inc . 40 

Cinergy  Corp . 50 

CompuMentor  . 65 

DBA  Direct  Inc . 50 

Dow  Jones  &  Company  Inc.  ...  86 

Eastman  Chemical  Co . 102 

Eli  Lilly  and  Co . 36 

Fiat  S.p.A . 36 

Ford  Motor  Co . 36 

Gartner  Inc . 32 

General  Motors  Corp . 36 

Gillette  Co.,  The  . 23 

Harrah's  License  Company  LLC  . .  40 

Harris  Interactive  Inc . 36 

Hewlett-Packard  Development 

Company  L.P . 50 

IBM  Corp . 23 

Intelsat  Global  Services  Corp.  .  102 


International  Finance  Corp . 50 

JM  Family  Enterprises  Inc . 50 

JWB  Ventures  Inc . 23 

Krispy  Kreme  Doughnuts  . 23 

LEGO  Group,  The . 72 

Lufthansa  AG . 36 

Mattel  Inc . 23 

Microsoft  Corp . 23 

MoneyGram  International  ....  102 

Moody's  Corp . 36 

Motorola  Inc . 23 

New  Century  Financial  Corp.  ...  23 

NIKE  Inc . 36 

Nissan  Motor  Co.  Ltd . 36 

Office  Depot  Inc . 23 

Peppers  &  Rogers  Group  . 72 

Procter  &  Gamble  . 23 

QIP  Holder  LLC  . 23 

Radiant  Systems  Inc . 23 

Renault  S.A . 36 

RetroBox . 65 

Royal  Bank  of  Canada  . 72 

Russell  Reynolds  Associates 

Inc . 23 

Sprint  Nextel  . 23 

Summit  Information  Services  .  .  50 

Sun  Microsystems  Inc . 86 

Toyota  Motor  Corp . 36 


Trestle  Group  Foundation,  The  .  23 


Turner  Sports  Interactive  Inc.  .  .  23 

United  Air  Lines  Inc . 36 

Valuedance  . 32 

Verizon  Communications  Inc.  .  .  23 

Walker  Information  Inc . 23 

Whataburger  Inc . 23 

Wiley  Rein  &  Fielding  LLP . 23 

Winston  &  Strawn  LLP . 23 

ADVERTISER  INDEX 

3M  . 31 

Akamai  Technologies  Inc . 13 

AT&T . 59 

Canon . C2 

Cognos  Inc . 99 

Computer  Associates  Inti.  Inc.  .  .  4 
CXO  Media  Inc. 


.  25,  41,  64,  78,  88,  88a 

Department  of  Health  &  Human 

Services/N.I.H . 83 

EMC2  Corp .  93,  95,  97 

Fujitsu  Computer  Systems  Corp.  C3 

Global  Crossing  . 103 

Hewlett-Packard  Co . 64a,  71 

IBM  Corp.  ...  35,  48,  52, 107, 109 
Infocrossing  Inc . 24a 


Integrien  Corp . 40a 

Internet  Security  Systems . 29 

KODAK  Service  &  Support  .  .  6.  Ill 

Kyocera  Mita  Corp . 61 

MFX . 57 

Microsoft  Corp . 10 

MicroStrategy  Inc . 87 

Motorola  Inc.  (regional) . 91 

NetScaler  Inc . 55 

Novell  Inc . 42 

Oracle  Corp . 67 

Palm  Inc . 85 

Polycom  Inc .  75,  77,  79 

Postini  Corp . 21 

Primavera  Systems  Inc . 17 

Ricoh  Corp . 39,  47 

Riverbed  Technology  Inc . 37 

Samsung . 2 

SAS . 22 

Satyam  Computer  Services  Ltd.  .  9 

Siebel  Systems  Inc . 33 

Softtek . 105 

Sterling  Commerce . 14 

SunGard  Availability  Services  .  .  101 

Sun  Microsystems  Inc . 27,  63 

Sybase  Inc . 18 

Symantec  Corp . C4 


Tata  Consultancy  Services  Ltd.  .  69 


CIO  CONTACT 
INFORMATION 

Editorial,  Advertising  and  Business 
Offices:  CXO  Media  Inc.,  492  Old 
Connecticut  Path,  P.O.  Box  9208, 
Framingham,  MA  01701-9208, 

508  872-0080. 

CIO  (ISSN  0894-9301)  is  published 
semimonthly  and  as  a  combined 
issue  Dec.  15/Jan.  1  by  CXO  Media 
Inc.  Periodicals  postage  paid  at 
Framingham,  MA,  and  at  additional 
mailing  offices.  Canada  Publications 
Mail  Agreement  Number  1902075. 
CANADIAN  POSTMASTER:  Please 
return  undeliverable  copy  to  P.O.  Box 
1632,  Windsor,  ON  N9A  7C9. 

Permissions:  Copyright  2005  by 
CXO  Media  Inc.  All  rights  reserved. 
Reproduction  of  material  appearing 
in  CIO  is  forbidden  without  written 
permission.  Send  all  requests  to 
Yadira  Pizarro,  PARS  International, 
212  221-9595,  Ext.  231,  or 
yadira@parsintl.com. 

Photocopy  Rights:  Permission  to 
photocopy  for  internal  or  personal 
use  or  the  internal  or  personal  use  of 
specific  clients  is  granted  by  CIO  for 
users  through  the  Copyright  Clear¬ 
ance  Center,  provided  that  the  base 
fee  of  $3  per  copy  of  the  article,  plus 
$.50  per  page  is  paid  directly  to 
Copyright  Clearance  Center,  27 
Congress  Street,  Salem,  MA  01970. 
Please  specify:  ISSN  0894-9301. 
Permission  to  photocopy  does  not 
extend  to  contributed  articles 
followed  by  this  symbol: 

Subscriptions:  CIO  is  free  to 
qualified  information  executives.  To 
apply,  use  our  online  subscription 
form  at  www.subscribe.cio.com. 
Subscriptions  are  also  available  on 
a  paid  basis  at  a  rate  of  $95  for  the 
United  States  and  Canada,  $195 
International  (payable  in  U.S.  funds 
only)  and  may  be  ordered  online  at 
www.subscribe.cio.com/services.html. 
Or  address  inquiries  to  CIO,  P.O. 

Box  489,  Northbrook,  IL  60065- 
0489;  866  354-1125.  Please  allow 
four  to  six  weeks  for  a  new  subscrip¬ 
tion  to  begin.  The  single  copy  price 
is  $9  for  the  United  States  and 
Canada,  and  $15  International. 
Prepayment  is  required,  payable  in 
U.S.  funds. 

Change  of  Address:  Please  go  to 
www.omeda.com/custsrv/cio  and 
follow  the  online  instructions. 

Postmaster:  Send  change  of 
address  to  C/O,  P.O.  Box  489, 
Northbrook,  IL  60065-9816. 

Printed  in  the  U.S. A. 


110 


OCTOBER  1,  2005  |  www.cio.com 


Document  Products  and  Services 


Broadest  reach, 

Flat-out  performance.  3  limits. 

Nothing  gets  past  you  when  you  use  leading-edge  products  from  Kodak  to  capture,  manage,  archive  and  deliver 
your  critical  business  information.  Create  high-quality  images  of  even  the  most  challenging  documents  using 
Perfect  Page  Scanning  with  iThresholding.  Effortlessly  go  from  paper  to  digital  to  film  and  back  again.  All  made 
possible  by  the  broadest  range  of  scanners  and  reference  archive  equipment  on  the  market.  And  all  backed  by 
one  of  the  largest  and  most  experienced  service  and  support  organizations  in  the  industry.  For  data  accountability, 
compliance,  security,  convenience— and  no  limits— team  up  with  Kodak. 

For  more  information,  visit  www.kodak.com/go/docimaging  or  call  1  -800-944-61  7 1 . 


©  Kodak,  2005.  Kodak  is  a  trademark  of  Kodak. 


Kodak 


10.01.05  EXECUTIVE 


summaries 


In  outsourcing  a  well-defined  process, 
Ken  Yerves,  JM  Family  Enterprises  CIO, 
got  the  work  done  cheaper  and  better. 


50 ! COVER  STORY 
SIMPLE  AND  SUCCESSFUL 
OUTSOURCING 

DESPITE  TALES  of  outsourcing  gloom 
and  doom,  one  type  of  deal  is  almost 
always  successful.  According  to  a  study 
by  MIT’s  Center  for  Information  Systems 
Research  (CISR)  and  CIO  magazine,  well- 
defined  activities  that  are  guided  by  clear 
business  rules  are  ideal  candidates  for 
outsourcing.  These  arrangements— 
“transaction  relationships,”  in  the  study 
terminology— are  highly  satisfactory 
to  CIOs  90  percent  of  the  time.  There 
are  a  few  keys  to  these  relationships: 
selecting  an  easily  “extractable”  activity 
to  outsource,  choosing  a  reliable  vendor 
and  then  getting  out  of  the  way.  The 
study  shows  that  protracted  contract 
negotiations,  customization  or  micro- 
management  by  the  CIO  lowers  the 
likelihood  of  success.  CIOs  from 
Cinergy,  JM  Family  Enterprises 
and  other  organizations  share  their 
experiences.  By  Stephanie  Overby 


72  |  HOW  TO  DO  CUSTOMER  SEGMENTATION  RIGHT 

WHILE  LOTS  OF  COMPANIES  claim  they’re  customer-centric,  the  RBC  Royal  Bank 
(RBC)  is  one  of  just  a  handful  of  organizations  that  segment  customers  based  on  customer 
needs,  not  their  own.  This  strategy  has  helped  RBC  grow  its  market  capitalization  from 
$18  billion  almost  six  years  ago  to  close  to  $50  billion  today.  Unfortunately,  most 
customer  segmentation  efforts  are  not  this  successful,  primarily  because  they  use  the 
wrong  criteria,  classing  customers  either  by  the  products  they  buy,  their  age  and 
economic  group,  or  by  the  revenue  they  generate  for  the  business.  For  various  reasons, 
none  of  these  criteria  work  very  well.  In  this  article,  we  look  at  the  right  and  wrong 
ways  to  segment  your  customers.  By  Alice  Dragoon 


86 


THE  RULES  OF  I.T. 


ALL  I.T.  DEPARTMENTS  have  rules,  whether  written  or  unspoken  (but  nonetheless 
understood).  We  examine  the  IT  rules  created  by  three  CIOs  from  very  different  organiza¬ 
tions.  Some  of  their  rules  are  very  specific,  targeting  governance,  alignment,  capital  expen¬ 
ditures  and  vendor  selection.  Some  are  more  conceptual— translating  the  CIO’s  vision  for 
IT  into  concrete,  actionable  principles.  Others  use  humor  to  sort  out  serious  subjects  such 
as  network  security,  technology  standards  and  risk  management.  At  bottom,  all  are  meant 
to  set  expectations,  influence  behavior  and  promote  team  play.  By  Thomas  Wailgum 


65  |  WHEN  THE  BITS  BITE  THE  DUST 

THE  HARDEST  THING  TO  DO  with  a  computer  is  not  buying  it  or  setting  it  up  or  using 
it  or  fixing  it.  The  hardest  thing  is  throwing  it  away.  To  properly  dispose  of  just  one  PC 
without  exposing  sensitive  personal  or  corporate  data  on  an  old  hard  drive,  without 
running  afoul  of  environmental  regulations  and  without  wasting  what  can  be  reused 
requires  planning  and  time  and,  yes,  money.  CIOs  must  decide  whether  they’ll  repur¬ 
pose  or  recycle  their  old  computers;  what  method  they’ll  select  to  wipe  hard  drives  of 
sensitive  data  (the  choices  are  simple  overwriting,  government-standard  triple-pass 
overwriting  and  degaussing,  which  destroys  the  drive);  and  what  disposal  company 
they’ll  use.  CIOs  must  weigh  risks  (running  afoul  of  federal  regulations;  losing  data  to 
crooks  or  competitors)  against  costs.  Some  options  are  cheaper  (and  riskier)  than  others. 
We  help  you  decide.  By  Scott  Berinato 


80  THE  SKY  REALLY  IS  FALLING 


ED  LAZOWSKA,  who  holds  the  Bill  &  Melinda  Gates  Chair  in  Computer  Science  &  Engi¬ 
neering  at  the  University  of  Washington,  is  also  cochairman  of  the  President’s  Information 
Technology  Advisory  Committee  (PITAC)  from  2003  to  2005.  Under  Lazowska’s  leader¬ 
ship,  PITAC  recently  released  a  tough  report  on  cybersecurity,  called  “Cyber  Security: 

A  Crisis  of  Prioritization.”  “The  title  nicely  summarizes  our  findings,”  says  Lazowska. 
“There’s  a  crisis,  and  it’s  due  to  a  failure  to  adequately  prioritize  this  issue— a  failure  by 
CIOs,  and  a  failure  by  the  federal  government.”  In  this  interview,  Lazowska  doesn’t  pull 
any  punches  as  he  criticizes  the  Bush  administration,  vendors  and  CIOs  for  not  doing 
enough  to  face  what  he  sees  as  a  looming  cybersecurity  disaster.  By  Ben  Worthen 


112 


OCTOBER  1,  2005  |  www.cio.com 


PHOTO  BY  JEFFREY  SALTER 


CIOs 

RELY 

ON 

THEM 


CFOs 

INSIST 

ON 

THEM 


If  there’s  one  thing  CIOs  and  CFOs  can  agree  on,  it’s  Fujitsu  PRIM ERQY®  servers . 


PRIMERGY  BX600 
Blade  Server 


Featuring  the  proven  reliability 
of  Intel®  Xeon™  processors,  PRIMERGY 
blade,  rack  and  tower  servers  give  CIOs  the 
power  to  drive  complex,  business-critical 
enterprise  applications  based  on  Linux  and 
Windows®  operating  systems. 
PRIMERGY  servers  also  provide 
a  low  total  cost  of  ownership  (TCO), 
delivering  the  reliability, 


PRIMERGY  RX600 
Rack  Server 


PRIMERGY  TX300 
Tower  Server 


serviceability,  and  manageability  CFOs 
demand. To  help  maintain  high  performance 
and  lowTCO,  Fujitsu  features  Cool-Safe™ 
cooling  technology.  Developed  with  aviation 
simulation  techniques,  this  innovative,  new 
approach  to  thermal  management  optimizes 
processor  airflow  to  keep  PRIMERGY 
servers  running  at  peak  performance  in 
real-world  IT  environments. 


For  more  information  on  the  complete  line  of  PRIMERGY  servers 
and  how  Fujitsu  PRIMERGY  servers  can  bring  CIOs  and  CFOs  together,  visit 

us.fujitsu.com/computers/PRIMERGY  or  call  I -800-83  1-3  1 83. 


Fujitsu  Computer  Systems  Corporation.  All  nghts  reserved  Fujitsu  and  the  Fujitsu  logo  are  registered  trademarks  of  Fujitsu  Limited  m  the  United  States  and  other  countries  PRIMERGY  is  a  registered  trademark,  and  Cool-Sale  *•  a 
of  Fujitsu  Siemens  Computers  GmbH  in  the  United  States  and  other  countries.  Jntei.  Intel  logo.  Intel  lns*de.  Intel  Inside  lego,  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corpomtcr  or  its  subsidiaries  in  the 

United  States  and  other  countr.es.  Windows  >s  a  registered  trademark  of  Microsoft  Corporation 


THE  RESILIENT 
INFRASTRUCTURE: 
A  GUIDE  FOR 
THE  FEARLESS. 


VERITAS 


f 

For  today’s  enterprise,  the  only  constant  is  change.  And  keeping  up  with  change  is  the  ultimate 
challenge  for  a  business  faced  with  an  endless  series  of  paradoxes:  making  information  both 
secure  and  available;  being  reactive  and  proactive  simultaneously;  responding  quickly  to  both  now  from  Symantec 
new  threats  and  new  ideas.  The  solution?  A  resilient  infrastructure  that  lets  you  respond  as  rapidly  to 
opportunity  and  innovation  as  you  do  to  threats  and  disruptions;  and  where  the  elements  that  help  keep  your 
company  up,  running  and  growing  —  security,  storage  and  recovery  —  are  firmly  in  place.  This  is  the  ideal  that 
has  brought  together  Symantec  and  VERITAS  to  form  a  single  company  with  a  single  goal:  to  help  you  build  a 
fearless  enterprise.  For  more  information  visit  www.symantec.com/RI.  BE  FEARLESS. 


Symantec,  the  Symantec  logo.  VERITAS,  and 

U  S.  registered  trademarks  of  SymantttCorpoij||^w;«.  subsidiaries. 
Copyright  c  ?oos  Symantec  Cnrporattflk^jyfiflreserved. 


3  Symantec, 


